Azure AD Join is a new Windows 10 feature for configuring and deploying company-owned Windows devices. Like traditional Domain Join, Azure AD Join registers devices in the directory so that they are visible to, and can be managed by, an organization. But with Azure AD Join, Windows authenticates directly to Azure AD and no Domain Controller is needed.
The first question customers ask about Azure AD Join is "How is this different from domain join?" Domain join gets you the best on-premises experience on devices capable of domain joining, while Azure AD Join is optimized for users who primarily access cloud resources. Azure AD Join is also a good fit if you want to manage devices from the cloud with a Mobile Device Management (MDM) solution instead of with Group Policy and an on-premises management solution like SCCM.
But Windows 10 takes this one step further and allows you to connect your device to both your personal and your enterprise clouds, within the same login session. With Windows 10, you can add your personal account to a corporate owned device (joined to a traditional Windows domain or joined to Azure AD), or add your work account to a personal device (to which you signed in with your personal Microsoft account).
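To check which of these states a given Windows 10 device is actually in (Azure AD joined, domain joined, both, or a personal device with a work account added), the following added PowerShell example, which is not from the original post, parses the output of the built-in `dsregcmd /status` tool. It assumes a Windows 10 build that ships dsregcmd and uses a constructed sample so the parsing runs offline.

```powershell
# Added example (not from the original post): classify a device's join state
# from `dsregcmd /status`. Assumes the build ships dsregcmd; the sample below
# is constructed and only resembles the tool's "Device State" section.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # dsregcmd prints "Key : Value" rows with leading whitespace;
        # banner lines (+----, | Device State |) have no colon and are skipped
        if ($line -match '^\s*(\S[^:]*?)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-JoinType {
    param([hashtable]$State)
    $aad = $State['AzureAdJoined']   -eq 'YES'
    $dom = $State['DomainJoined']    -eq 'YES'
    $wpj = $State['WorkplaceJoined'] -eq 'YES'   # work account on a personal device
    if ($aad -and $dom) { return 'Domain joined and registered in Azure AD (hybrid)' }
    if ($aad)           { return 'Azure AD joined (no domain controller required)' }
    if ($dom)           { return 'Domain joined only (on-premises AD)' }
    if ($wpj)           { return 'Workplace joined (work account added to a personal device)' }
    return 'Not joined or registered'
}

# Constructed sample resembling the "Device State" section of dsregcmd /status
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
'@ -split "`r?`n"

$parsed = ConvertFrom-DsregStatus -Lines $sample
"Sample device: $(Get-JoinType -State $parsed)"

# On a real Windows 10 device, read the live status instead of the sample
if (Get-Command dsregcmd -ErrorAction SilentlyContinue) {
    $live = ConvertFrom-DsregStatus -Lines (dsregcmd /status)
    "This device: $(Get-JoinType -State $live)"
}
```

Run it in an elevated or standard PowerShell session on the device; the live branch is skipped on hosts without dsregcmd, so only the constructed sample is classified there.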
In the screenshot below, you can see the list of Windows 10 PCs (marked in the red box) that are joined to Azure AD via Azure AD Join.
A few deployment scenarios:
Scenario 1: Your apps and resources are largely in the cloud
If you are moving your organization to the cloud and using SaaS apps like Office 365 for productivity, you should consider Azure AD Join. Employees can join Windows 10 devices to Azure AD by themselves and get single sign-on to Office 365 and any other applications that use Azure AD for authentication, including the Azure AD Access Panel (at myapps.microsoft.com).
Scenario 2: Seasonal workers and Students
Customers in retail and educational institutions need a way to manage two types of user identities: long-term employees like faculty and/or corporate staff, and high-turnover identities for students or seasonal workers. For these customers, a mixed model is ideal. They can continue to manage long-term employees on-premises using Windows Server AD (connected to Azure AD), and they can manage their high-turnover identities in the cloud using Azure AD. This lets them take advantage of the scale-out and cost benefits of the cloud. Now, with Azure AD in Windows 10, these cloud-only users get the same SSO to their PCs, Office 365 and other cloud resources that had previously only been available to on-premises users.