Entra ID Integration IV: Microsoft Entra Join
Microsoft Entra Join Overview
In comparison to Windows Autopilot, the Microsoft Entra join can be performed from the out-of-the-box experience and additionally from the Settings application for already used devices. Microsoft Entra join allows a very simple and convenient enrollment mechanism for devices and without any interaction of the IT department. As well as for Windows Autopilot, a Mobility (MDM and WIP) application is required in your Microsoft Entra ID with specific permissions and the URLs of your Silverback instance.
Your users only need to connect to an internet connection, and they need to know their Microsoft Entra ID Credentials and can enroll the device within a few steps. After that, Silverback can apply all configurations and can transform the device into an enterprise ready and secured device and can install the UEM Agent to install Software Packages on top. Additionally, you can easily deploy the EgoSecure Data Protection agent for an additional security layer.
Prerequisites
- Accomplished Microsoft Entra ID Integration Guide I & II
- Microsoft Entra ID Premium P1 or greater, or any bundle which includes this license.
Review registration settings
Before you start, you should review if your users are already able to Join devices to Microsoft Entra. To do that, perform the following steps:
- Open Azure Portal and login as an Administrator
- Select Microsoft Entra ID
- Expand Manage and select Devices
- Expand Manage and select Device Settings
- Under Users may join devices to Microsoft Entra, select either All or Selected:
- If All is selected, all users can join their devices to Microsoft Entra ID
- If Select is selected, only users specified can join their devices to Microsoft Entra ID
- To add users, select the link under No member selected, press +Add and select the desired users and/or groups to add
- Once all of the desired users and groups are selected, press Select and confirm with OK
- Press Save
If you are using selected users, we recommend that you use the same group here as you used in the MDM User scope when configuring the MDM and WIP application.
Enrollment Options
You can provision Microsoft Entra joined devices using the following approaches:
- Microsoft Entra ID Join via OOBE (Out of Box Experience):
- Performed during the initial setup of a new device.
- The user is guided to sign in with their Microsoft Entra ID credentials as part of the Windows setup process.
- Automatically joins the device to the Microsoft Entra tenant and applies enrollment policies immediately.
- Suitable for new devices or devices that have been reset.
- Microsoft Entra ID Join via System Settings:
- Performed on an already configured device via Settings
- Requires manual initiation by the user or IT.
- Joins the device to Microsoft Entra ID without resetting existing configurations.
- Ideal for adding existing corporate devices to Microsoft Entra ID.
- Microsoft Entra ID registered devices
- The devices are registered in Microsoft Entra, but not fully joined or managed
- From the device management perspective with Silverback, there is no difference to the Microsoft Entra ID Join
- Performed on an already configured device via Settings
- Users will still sign in with their personal accour or a local account on the device
All methods achieve the same end result—joining the device to Microsoft Entra ID—but differ in timing, user experience, and deployment scenarios. Please note that depending on your version of Windows 10/11 and your network setup, your individual experience in the following step-by-step guide may vary.
Microsoft Entra ID Join via OOBE
- Start the out-of-box-experience of your Windows 10/11 Device
- Select your Region
- Choose keyboard layout
- Click Yes
- Click Add layout or skip
- Add your network and proceed with Next
- Wait a few moments and accept the License Agreement
- Select Set up for an organization
- Proceed with Next
- Enter your Microsoft Entra ID username, e.g. tim.tober@imagoverum.com
This is the email address to use to login into Office 365 and similar Microsoft Online Services
- Press Enter or select Next
- Proceed with the authentication process
- Review and accept the Terms of use
- Proceed with the additional setup screens and configure them to your needs
- Wait until the device configuration is finished
- Add (if required) additional security information (e.g. Windows Hello PIN and Multi-factor Authentication)
- In the All Set! screen press OK to finish the enrollment
Microsoft Entra ID Join via System Settings
- Open Settings on your Windows 10/11 Device
- Select Accounts
- Press Access to work or school
- Press +Connect
- Select Join this device to Microsoft Entra ID
- Enter your Microsoft Entra ID Username, e.g. tim.tober@imagoverum.com
- Proceed with the Authentication process
- Review and accept the Terms of use
- Review the information screen and press Join
- In the You're all set! screen, review the information and press Done
Microsoft Entra registered devices
- Open Settings on your Windows 10/11 Device
- Select Accounts
- Press Access to work or school
- Enter your Microsoft Entra ID Username, e.g. tim.tober@imagoverum.com
- Proceed with Next
- Proceed with the Authentication process
- Review and accept the Terms of use
- Proceed with all additional configuration (e.g. Multi-factor, PIN Creation)
- Proceed with Next and finish the process by confirming with your current password
Next Steps
- Review all Windows 10/11 Profiles and configurations: Tags Guide Part IV: Windows 10/11
- Try Microsoft Autopilot: Microsoft Entra ID Integration III: Windows 10 Autopilot
- Protect your mobile applications with the Microsoft Entra Integration VI: App Protection Policies