Enrolling Windows 10 & above devices using Azure AD
You can set up Azure AD to enable automatic enrollment of Windows 10 devices when they are joined to Azure AD or an Azure AD account has been added to this device. This document outlines the enrollment flow on the Windows 10 devices once the Azure AD based enrollment has been configured,
Prerequisites
- Configure Azure AD based Enrollment in Scalefusion Dashboard
- Azure AD premium license should be assigned to the Users enrolling their Windows 10 devices.
Steps
Once Azure AD based enrollment has been setup, once a User adds the Azure AD account they are automatically enrolled. However if you would like to invite users and send them Emails to enroll their devices, you can do so by following this document.
One can enroll devices using Azure AD in one of the two ways. Both methods are essentially same, but differ in the terminology and how they are connected to Azure AD.
- Method 1: Azure AD Join: This is the preferred method for enrolling devices if the device are owned by the Company or Organization and is normally referred to as Company Owned scenario.
- Method 2: Adding a Workplace Account: This is the preferred method for enrolling devices if the device is owned by the Employee or normally referred to as Bring Your Own Device (BYOD).
The end result of enrolling the device using either of the mechanism is same and the steps are also more or less common. The following steps explain how to enroll the devices using either of the methods.
Enrolling a Device using Azure AD Join
- Open Access to Work or School app. Click on Connect.
- Click on Join this device to Azure Active Directory
- Enter the Azure AD email and click Next.
- Once prompted, please enter your password and click Sign In
- You will be shown a Terms of Use screen. Please click Accept to start enrollment.
- This will begin the enrollment and will take around a couple of minutes to enroll the device. The following screen is shown while the enrollment is being done.
- You can close the Window once the enrollment is complete. The Access School or Work app now shows the following information, confirming that the device has been enrolled.
This completes the enrollment on the device. The device will now start appearing in the Scalefusion Dashboard and be managed remotely.
Enrolling a Device using Workplace Account
- Open Access to Work or School app. Enter the Azure AD email and click Next
- Once prompted, please enter your password and click Sign In
- You will be shown a Terms of Use screen. Please click Accept to start enrollment.
- This will begin the enrollment and will take around a couple of minutes to enroll the device. The following screen is shown while the enrollment is being done.
- You can close the Window once the enrollment is complete. The Access School or Work app now shows the following information, confirming that the device has been enrolled.
This completes the enrollment on the device. The device will now start appearing in the Scalefusion Dashboard and be managed remotely.
Frequently Asked Questions
Question: What is the enrollment mode of the Windows 10 device that is displayed in Device Details screen?
Answer: The enrollment of a device is decided based on the following,
- If the User was invited from Scalefusion Dashboard using Enrollment Configurations > User Enrollment screen, then the enrollment mode is BYOD
- If the user was not invited from Scalefusion Dashboard, then the enrollment mode is based on the QR Code configuration selected in Getting Started > Windows Setup > Azure AD Setup.
Question: As an Azure AD admin can we check the enrolled devices and their compliance state in Azure AD portal?
Answer: Yes. Once you navigate to the Devices section in the directory of users, you can see all the devices enrolled and their compliant state.
