Azure AD Join Process and Intune Auto Enrollment for Windows 11 | Licensing Details | Provisioning
This video explains the Azure AD join process and Intune auto-enrollment for Windows 11, including licensing details and the manual provisioning process. The example uses the Windows 11 Settings app.
#msintune #microsoftintune #azuread #azureadjoin #windows11
==
Differences between Device Trust Type - Azure AD Join Vs Hybrid Azure AD Join Vs Azure AD Registered devices?
Azure AD joined – The modern device trust type. Windows devices are joined only to Azure AD, and an organizational account is required to sign in to the Windows 11 or Windows 10 device.
Azure AD Registered – Devices registered to Azure AD without requiring an organizational account to sign in to the device.
Users can sign in to these Windows 11 or Windows 10 devices with a personal Microsoft ID or a local account.
Hybrid Azure AD Joined – Windows devices joined to both on-premises AD and Azure AD, requiring an organizational account to sign in to the Windows 11 or Windows 10 device.
Hybrid Azure AD joined devices periodically require network line of sight to your on-premises domain controllers.
Sign in to Hybrid Azure AD joined devices with an organizational ID.
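To see which of the three trust types a given device actually has, the join state can be read from `dsregcmd /status`. The following is an added example, not part of the original video description; the function name `Get-DeviceTrustType` is hypothetical and the sample output is constructed.

```powershell
# Added example: classify a device's trust type from `dsregcmd /status` output.
function Get-DeviceTrustType {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # dsregcmd prints "Name : Value" pairs; collect them into a lookup table.
    # Banner lines ("+----+", "| Device State |") do not match and are skipped.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined    = $state['AzureAdJoined']   -eq 'YES'
    $domainJoined = $state['DomainJoined']    -eq 'YES'
    $registered   = $state['WorkplaceJoined'] -eq 'YES'

    # Order matters: hybrid devices report both AzureAdJoined and DomainJoined.
    if ($aadJoined -and $domainJoined) { return 'Hybrid Azure AD joined' }
    if ($aadJoined)                    { return 'Azure AD joined' }
    if ($registered)                   { return 'Azure AD registered' }
    if ($domainJoined)                 { return 'On-premises domain joined only' }
    return 'Not joined or registered'
}

# Constructed sample, trimmed to the fields the function reads.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
           WorkplaceJoined : NO
'@ -split '\r?\n'

Get-DeviceTrustType -StatusLines $sample      # Azure AD joined

# On a live device:
# Get-DeviceTrustType -StatusLines (dsregcmd /status)
```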
==
Planning Required before Joining a Windows 11 device to Azure Active Directory?
Review Licensing Requirements?
Review your identity infrastructure (3rd Party identity providers)?
Assess your device management (Intune/SCCM?)
Understand considerations for applications and resources (Modern Vs Kerberos auth)?
Understand your provisioning options (Enterprise level options – Autopilot?)
==
Azure Active Directory - OOBE Experience + Licensing Details
Windows 11 OOBE Azure AD Join experience is very straightforward.
Windows Home Editions do not support Azure AD join.
Windows 11 Pro or Enterprise versions are supported for Azure AD Join.
Additional licenses are required for additional functionality such as Conditional Access (CA), Intune MDM Join, etc.
==
Intune MDM Auto Enrollment after Azure AD join for Windows 11 devices
Intune Auto-enrollment configurations.
Auto-enrollment automatically enrolls Windows 11 devices in Intune whenever the device is Azure AD joined.
===
Docs from Microsoft:
Federated environment
A federated environment should have an identity provider that supports both WS-Trust and WS-Fed protocols:
WS-Fed: This protocol is required to join a device to Azure AD.
WS-Trust: This protocol is required to sign in to an Azure AD joined device.
When you're using AD FS, you need to enable the following WS-Trust endpoints:
/adfs/services/trust/2005/usernamemixed
/adfs/services/trust/13/usernamemixed
/adfs/services/trust/2005/certificatemixed
/adfs/services/trust/13/certificatemixed
If your identity provider doesn't support these protocols, Azure AD join doesn't work natively.
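A way to audit an AD FS farm against the four WS-Trust endpoints listed above, as an added example that is not part of the original description or of Microsoft's documentation. The function name `Test-AadJoinWsTrustEndpoints` is hypothetical and the sample endpoint objects are constructed; on an AD FS server, pass the output of `Get-AdfsEndpoint` instead.

```powershell
# Added example: report whether the WS-Trust endpoints required for Azure AD join
# are present and enabled, and whether each is also published through the proxy.
$RequiredPaths = @(
    '/adfs/services/trust/2005/usernamemixed'
    '/adfs/services/trust/13/usernamemixed'
    '/adfs/services/trust/2005/certificatemixed'
    '/adfs/services/trust/13/certificatemixed'
)

function Test-AadJoinWsTrustEndpoints {
    param([Parameter(Mandatory)][object[]]$Endpoints)

    foreach ($path in $RequiredPaths) {
        # Match on AddressPath; a missing endpoint yields $null and is reported as such.
        $ep = $Endpoints | Where-Object { $_.AddressPath -eq $path } | Select-Object -First 1
        [pscustomobject]@{
            AddressPath = $path
            Present     = [bool]$ep
            Enabled     = [bool]($ep -and $ep.Enabled)
            Proxy       = [bool]($ep -and $ep.Proxy)
        }
    }
}

# Constructed sample mimicking the AddressPath/Enabled/Proxy properties
# of the objects returned by Get-AdfsEndpoint.
$sample = @(
    [pscustomobject]@{ AddressPath = '/adfs/services/trust/2005/usernamemixed';    Enabled = $true;  Proxy = $true  }
    [pscustomobject]@{ AddressPath = '/adfs/services/trust/13/usernamemixed';      Enabled = $true;  Proxy = $true  }
    [pscustomobject]@{ AddressPath = '/adfs/services/trust/2005/certificatemixed'; Enabled = $false; Proxy = $false }
    # trust/13/certificatemixed deliberately omitted to show the "not present" case
)

$report = Test-AadJoinWsTrustEndpoints -Endpoints $sample
$report | Format-Table -AutoSize

# Endpoints that would block join or sign-in in a federated tenant:
$report | Where-Object { -not $_.Enabled } | Select-Object -ExpandProperty AddressPath

# On an AD FS server:
# Test-AadJoinWsTrustEndpoints -Endpoints (Get-AdfsEndpoint)
```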
==
Azure AD join:
Supports Windows 10 and Windows 11 devices.
Isn't supported on previous versions of Windows or other operating systems. If you have Windows 7/8.1 devices, you must upgrade at least to Windows 10 to deploy Azure AD join.
Is supported for FIPS-compliant TPM 2.0 but not supported for TPM 1.2. If your devices have FIPS-compliant TPM 1.2, you must disable them before proceeding with Azure AD join. Microsoft doesn't provide any tools for disabling FIPS mode for TPMs as it is dependent on the TPM manufacturer. Contact your hardware OEM for support.
===
More Blog posts related to SCCM/Intune/Windows 11/Cloud PC/AVD/Hyper-V/Cloud/IT Pro/Azure -
#CloudPC #Windows365 #W365
#SCCM #ConfigMgr #SCCMVideos #SCCMTutorials #SCCMStudyVideos #SCCMFreeTraining #SCCMTraining #HowtoManageDevices
#Intune #MicrosoftIntune #IntuneVideos #IntuneTutorials #IntuneGuide #IntuneStudy #MSIntune #IntuneTraining #HowtoManageDevices