How to register Windows 11 device to Microsoft Entra ID

How to register Windows 11 device to Microsoft Entra ID

On my previously article which demonstrated how to joined a Windows 11 device to Microsoft Entra ID(a.k.a. Azure AD), so in this one will show you a alternative way to adding a device Microsoft Entra. However, the difference between Azure AD join versus Azure AD register are huge. (In case of causing any confusion later, note that Microsoft announced to renaming former Microsoft Azure AD to Microsoft Entra ID, but due to the rapidly brand changing there are still parts of Microsoft product remains Azure AD and lots of IT still prefer to stick with Azure AD, hence I’ll go with Azure AD throughout this article. Don’t worry, Azure AD and Microsoft Entra ID are interchangeably.) Furthermore, you may refer to this post regarding the name change here.

Understand the difference between Azure AD join & Azure Register

Azure AD register (a.k.a. Microsoft Entra register) is intended for BYOD (Bring Your Own Device) scenarios which compared to Azure AD join for corporate devices. However, register a device to Azure AD do not require an organizational account to sign to the device but do require an organizational account signing to Microsoft 365 product in order to perform the registration.

Supported Operating Systems

Azure AD register (a.k.a Microsoft Entra register) naturally will Windows 10 or newer versions, plus iOS, Android, macOS, Ubuntu 20.04/22.04LTS. The provision methods are differed among those OS refer to below:

For Windows 10 or newer versions -> provisioning via Settings app or Microsoft 365 apps.

For iOS/Android devices -> provisioning via the Company Portal app or Microsoft Authenticator app.

For macOS -> provisioning via the Company Portal app.

For Linux -> provisioning via Intune Agent. (refer to this link)

Detailed steps for registering a Windows 11 device to Microsoft Entra ID

1.Open any of the Microsoft 365 apps, in my case the Microsoft Teams app.

2.Sign-in to Microsoft Teams with your organizational account.

3.When signed successfully on a personal Windows 11 device (which is not being joined to any Azure AD) it will prompt a window “Stay signed in to all your apps”. On the windows go with default option and make sure the option “Allow my organization to manage my device” is checked > click OK button.

4.Waiting for few seconds to be completed.

Before we are moving further adding a screenshot of my test device’s hostname here for you to be aware of.

5.The next step prompt to enable Windows Hello on your device to further strengthen device security.

6.Simply follow the prompt to setup a PIN for your device. (better set with 8 digits at least) > click OK button.

7.Finaly one to verify your device’s local account password.

8.Then all done. Successfully signed in to Microsoft Teams app.

Methods for verifying registered Windows devices

To verifying whether a Windows device has been successfully registered to your organization’s Azure AD, you can check via either from that device or from Azure AD.

For checking from the device directly you may go from the Setting app > Accounts > Access work or school. Under this option you should saw an organization’s account displayed on this section.

For checking from Azure AD, you need to make sure you’re being granted with at least Helpdesk level of access rights to your account, then go to https://portal.azure.com > Microsoft Entra ID > Devices (on the left panel) > All devices > searching via hostname.

Note, in general Windows device registered to Azure AD (Microsoft Entra ID) will be managed by Intune but with limited feature available. But if for some reasons you might need to turn the registered device back to corporate owned then you must first delete it from Azure AD then join back to Azure AD. Otherwise it will generate with two records and casing some service not functioning as you wished.

Reference

What are Microsoft Entra registered devices? – Microsoft Entra ID | Microsoft Learn

Get the Microsoft Intune app for Linux | Microsoft Learn

Leave a Reply

Your email address will not be published. Required fields are marked *