In this blog I will be discussing upon how to register Windows 10 device to Azure AD. When we say registering device to AAD (Azure Active Directory), there are 2 different scenarios for registering your device to Azure AD. We will be also seeing the way to troubleshoot and verify the joining process.

Understanding different scenarios for registering Windows 10 devices to Azure AD

The 2 scenarios of registering the device is:

1. Workplace join, also known as Azure AD registered

Usually used for BYOD (Bring your own device), where contractors can access emails and other applications hosted by organisations.

2. Azure AD Join

Devices are joined to Azure AD and can be fully controlled by MDM (Mobile device management) authority. Windows 10 devices are joining organizations tenant.

For more details to get the difference between two and their benefits for each, you may check the following link Azure AD Join vs WorkPlace Join-Azure AD Registered.

Registering the Device

Registering Windows 10 device using Workplace Join

Login to your Windows 10 device, click on start menu, type settings and click it to open Windows Settings. Click on Accounts.

Under Accounts, select Access work or school from left pane and click on Connect.

This will popup Microsoft Account window asking Email Address, provide your company’s email address and click Next.

Under next window, provide password to authenticate your credentials.

Wait for some time till you message “Hold on while we register this device” message.

You will get message, you are successfully joined and have access to organization’s apps and services. Click Done to exit.

Under Access work or school page, you will see account info used for Azure AD register. Click on Info to get more details on it.

Under Managed by mddprov account page, you can see Connection Info showing Management Server address and Device sync status.

Registering Windows 10 device using Azure AD Join

Follow the same previous step until: click on start menu, go to settings > Access work or school and click on Connect.

Don’t provide the email right now, but click on Join this device to Azure Active Directory.

Note: Join this device to Azure Active Directory will be only visible for a user who is local administrator on the system, standard user won’t see this option.

Under Let’s get you signed in window, provide email address and in next page password to authenticate your credentials.

Make sure this is your organization, and click Join.

Wait till you see the message “Please wait while we set up your device”.

You will finally get message that you are all set, click on Done to exit.

Under Access work or school, you will be able to see Connected to <domainname>’s Azure AD. Click on Info for more details.

You will see Connection Info, areas managed by and Device Sync Status

Check Device Join Status using dsregcmd command line

Dsregcmd status on device registered through Workplace join

dsregcmd command helps understanding the state of device in Azure Active Directory. dsregcmd command only supports on domain user account. It gives us the status of AzureAdJoined, EnterpriseJoined, DomainJoined & Device state info. Following are the supported switches for dsregcmd command:

dsregcmd /status : to check join Status
dsregcmd / join : To initiate autojoin for Hybrid Azure AD joined devices
dsregcmd /leave : to perform Hybrid unjoin
dsregcmd /refreshprt : to refresh PRT in cloudAP cache

Login to 1^st system which was joined using workplace join. Open cmd prompt as Administrator and run following command:

Dsregcmd /status

You will get following status:

• Device State
• User State
• SSO State
• Work Account 1
• Ngc Prerequisite Check

The key takeaways are showing AzureADJoined as No, showing Work Account group as device has joined using WorkPlace Join, WorkplaceDeviceId details, workplaceTenantId details, workplaceTenantname details

Dsregcmd status on device with Azure AD Join

Run the command dsregmd /status

This time you will see following status:

• Device State
• Device Details
• Tenant Details
• User State
• SSO State
• Diagnostic Data
• Ngc Prerequisite Check

As we have joined Azure AD, we have actually joined to a Tenant, hence we can see Tenant Details. We can also see AzureADJoined showing as Yes, we also have Device Details which is not present for workplace joined device / Azure AD Registered device.

Troubleshoot verify Joining status through Event Viewer

User Device Registration can be verified through Event Viewer. Launch Event Viewer (eventvwr.msc) and navigate to Applications and Services Logs > Microsoft > Windows > User Device Registration  >  Admin. Under Right Pane you can see the registration process with specific information:

Event Viewer Status for Workplace Join

As this is a Workplace join, you will see JoinRequest and Join Type value as 5.

The initialization of the join request was successful. Inputs:
 JoinRequest: 5 (WORKPLACE)

The registration status has been successfully flushed to disk.
Join type: 5 (WORKPLACE)

Event Viewer Status for Azure AD Join

For Azure AD Join, you will see JoinRequest and Join Type value as 1

The initialization of the join request was successful. Inputs:
JoinRequest: 1 (DEVICE)
Domain: manishbangia.com

The registration status has been successfully flushed to disk.
Join type: 1 (DEVICE)

And finally you will see The complete join response operation was successful in event viewer for both the scenarios.