Microsoft Entra ID | Azure Active Directory Joined Devices

Views: 25,130

Concepts Work

Comments: 70
@sandiatek7201 2 years ago
Excellent presentation, very easy to understand.
@ConceptsWork 2 years ago
Glad it was helpful!
@flutee888man23 4 years ago
Bhai as usual - excellent : )
@444v2.0 2 years ago
Thanks for the information.
@sgeorge2248 4 years ago
GREAT TUTORIAL... wonderful.. subscribed
@ConceptsWork 4 years ago
Thanks for the sub!
@truereligionhinduism 4 years ago
Awesome video
@hashmi316 2 years ago
Great video. I’ve done all steps but after restart I’m unable to sign into the machine with work account.
@wotongzhou8152 3 years ago
this is sooooooooooooooo helpful, you are legend, keep up
@jktification 2 years ago
Do you need local admin rights to do the AAD join? Seems like you want to prevent regular users from joining any PC they want. Also why should any user joining get admin rights? Seems like not good.
@2mahender 3 years ago
Thanks bro, I am able to join my personal machine. Can I access Office 365 etc. apps also?
@abhimanyusinghshekhawat6871 4 years ago
Thanks, well executed explanation! I have one query on this: can we join the same device with different Azure AD accounts and log in with both the IDs at different times to work on this?
@ashisharya65 2 years ago
Hi, Here once the device is joined to Azure AD, will I be able to use my previous account (which I used to join the device to AAD) to log in to the same device or do I have to use only my corporate account? Regards, Ashish Arya
@ConceptsWork 2 years ago
Yes for sure, you will be able to use your previous account. (Hopefully it is a local account on the device.)
@abulaith4485 5 years ago
Thanks again for such great content. Can you please, if possible, explain the concept of Single Sign On and how it works in Azure? I find it confusing. Does SSO mean if you log in to different applications with different credentials, all one has to do is sign on once with the application specific credentials and then it will be saved in AAD? I find the way you explain things is really helpful. Many thanks
@ConceptsWork 5 years ago
This is just one example, there could be "n" number of use cases. Hello Abu, Thank you for all your acknowledgements. SSO in a nutshell means single sign on, i.e., the user will use the same credentials for all the applications (provided the identity provider is the same). Implementing SSO with a different IdP has to be configured with different processes. If your IdP is the same for multiple applications, the user is not prompted for credentials. For example: you have added two applications in Azure AD, "Application A" and "Application B". The user tried signing in to Application A; since Azure AD is the identity provider, authentication will be redirected to Azure AD. Once the user is authenticated, Azure AD and the application will save certain cookies in the browser. Now let's say the user tries to sign in to Application B in another tab of the browser; Application B will also redirect the request to Azure AD. In this case, when the user agent receives a redirect for the same endpoint, which will be login.microsoftonline.com, the user agent presents the current active cookie. Now, the IdP will validate the cookies; in this case, since the cookies will be valid, the user will not be prompted for authentication. Now let's suppose the session time (or cookie) is expired; then, if you have configured SSO correctly, the user will be redirected to the respective endpoints, and since the endpoints are added in the local intranet zone, the user's authentication will be processed by default. Regards, ConceptsWork.
@abulaith4485 5 years ago
@@ConceptsWork Wonderful explanation and I sincerely thank you for your response and your time. Maybe one day you can make a detailed video explaining this concept and other uses of SSO. Best wishes
@dn6085 3 years ago
Hey man this video was fantastic, excellent stuff, really really useful. Was wondering if there's any chance of a deep dive video to show how Azure AD Joined machines also manage to get SSO to on premise resources, e.g. file servers etc?
@ConceptsWork 3 years ago
Great suggestion!
@rajeshmurugan5655 5 years ago
This video is really useful. Can you please do a video about refresh token, id_token and other tokens involved?
@ConceptsWork 5 years ago
We will be posting soon.
@dinesh1681 3 years ago
This is amazing
@pg4694 2 years ago
Hi, I'm confused about the email address that you're using while registering the device. In the Azure AD join case I got the point that when you are joining a corporate machine you need to use your corporate email address and password that you use in the Azure portal, but what if it's registering a device and we use any email address to join? How will the machine get to know that it's for the Azure portal, because nothing is mentioned about the portal?
@mahavirsaroj4136 2 years ago
Which credentials are you using for joining with Azure AD?
@aexsome 3 years ago
Hi! We have an Azure AD tenant federated with Gsuite through SAML. While the AD registered device procedure works, when we join a device to Azure AD we do get a success, however users are unable to log in with their corporate credentials into the machine. Would you be able to help us with a paid consultation to make it work?
@paullicari1871 2 years ago
Great Video. If you add other users from the same Tenant, how can you manage their access to the computer? Will they all be joined as Administrators?
@ConceptsWork 2 years ago
It's a one-time process. Likewise, once a machine is joined to Active Directory, any user who exists in Active Directory can sign in; similarly, once a machine is joined to Azure AD, any user who exists in Azure AD can sign in to the machine.
@paullicari1871 2 years ago
@@ConceptsWork And those users would have user access and not Admin (unless we added it manually)?
@paullicari1871 2 years ago
Hello. I was looking for your Website. Are you still providing videos for Intune/MDM/MAM?
@lyfrocks5554 5 years ago
You are genius.
@sahanagj4792 5 years ago
Dear sir... while joining the machine to AAD in this video, where did we provide the AAD domain, or is it like if the user account is in AAD it will get connected to that AAD... could you please explain?
@ConceptsWork 5 years ago
For joining a machine to Azure Active Directory there must be an active user account existing in Azure Active Directory. Around 6:24, I am typing the UPN of my user which already exists in AAD.
@sahanagj4792 5 years ago
@@ConceptsWork Thanks much for clearing my doubt
@akhileshsharma7831 5 years ago
Sir, is there any difference between Azure AD join and Azure AD register? Thank you
@Birendravideos 5 years ago
I am also confused between both terminologies
@ConceptsWork 5 years ago
Please watch this and let me know if you still have any confusion: kzbin.info/www/bejne/a4G6nWBpn7KBa5o
@venkateshg6920 3 years ago
Is it possible to join the Azure VM Server 2019 Datacenter into Azure (as Azure AD joined)?
@sachintak9600 4 years ago
In both the videos you have joined it with the corporate account. I didn't see any difference other than just logging in at a different place, where you are saying in AD Registered you use a personal account.
@ConceptsWork 4 years ago
Yes, in both the videos I have joined the machine with the corporate ID, but there is a difference. On an Azure AD registered device you cannot log in to the machine with your enterprise account (I specifically mean sign in to Windows). In Azure AD join you can sign in with the enterprise account.
@sachintak9600 4 years ago
@@ConceptsWork Yes right, that's the only difference.
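Added example, not part of the original comments or the video: the join-versus-register distinction discussed in this thread can be checked on a device from the `AzureAdJoined`, `DomainJoined` and `WorkplaceJoined` flags printed by `dsregcmd /status`. The sample output below is constructed and abridged, and the function names are hypothetical.

```python
import re

# Constructed, abridged sample of `dsregcmd /status` output (placeholder DeviceId).
SAMPLE_STATUS = """\
| Device State                                                         |

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                  DeviceId : 00000000-0000-0000-0000-000000000000

| User State                                                           |

           WorkplaceJoined : NO
"""

# A status line looks like "   Name : value"; banner lines start with '|' or '+'.
FIELD = re.compile(r"^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$")

def parse_status(text):
    """Return {field: value} for every 'Name : value' line in the output."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def join_type(fields):
    """Map the three join flags to the device state they indicate."""
    aad = fields.get("AzureAdJoined", "NO").upper() == "YES"
    domain = fields.get("DomainJoined", "NO").upper() == "YES"
    workplace = fields.get("WorkplaceJoined", "NO").upper() == "YES"
    if aad and domain:
        return "Hybrid Azure AD joined"
    if aad:
        return "Azure AD joined"        # Windows sign-in with the work account
    if workplace:
        return "Azure AD registered"    # work account added, local sign-in only
    if domain:
        return "Domain joined only"
    return "Not joined or registered"

if __name__ == "__main__":
    print(join_type(parse_status(SAMPLE_STATUS)))
```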
@adhyatmjain5360 3 years ago
Why dsregcmd run in corporate account which join Azure AD?
@priyankareddy3587 4 years ago
Could you please let me know the difference between client and server certificate, and why the server cert is not generated in Azure AD register?
@ConceptsWork 4 years ago
Client certificate contains device id. Server certificate is only generated for Azure AD join and Hybrid Azure AD join devices, as there is a trust that exists between the device and a specific tenant. These certificates are used to enable trust between devices in the same tenant for remote desktop scenarios. One certificate is issued to the device and another is issued to the user. The device certificate is present in Local Computer\Personal\Certificates and is valid for one day. This certificate is renewed (by issuing a new certificate) if the device is still active in Azure AD. The user certificate is present in Current User\Personal\Certificates and this certificate is also valid for one day, but it is issued on-demand when a user attempts a remote desktop session to another Azure AD joined device. It is not renewed on expiry. Both these certificates are issued using the MS-Organization-P2P-Access certificate present in the Local Computer\AAD Token Issuer\Certificates. This certificate is issued by Azure AD during device registration.
@priyankareddy3587 4 years ago
@@ConceptsWork thank u..
@priyankareddy3587 4 years ago
I have a query w.r.t. the above: so is Azure AD register user/device context? Is Azure AD join user/device context? Also, in Azure AD register, if a different user is logged onto the machine, SSO should not work? Is my understanding correct?
@ConceptsWork 4 years ago
Azure AD registered and Azure AD join are both user context. If a different user logs in to the machine, they will not experience SSO on an Azure AD registered device. Fundamental: an Azure AD registered device doesn't allow you to sign in with an Azure AD account.
@dhaneswarpokhariyal115 5 years ago
Hi, do we need to manually log in on a browser through a Microsoft account for AD joining, if we are in a domain? Also, how can we do this through GPO? We set up a GPO to join devices in hybrid AD, however we are getting event ID 304 & 204 errors.
@ConceptsWork 5 years ago
I have covered the details of event ID 304 in our hybrid Azure AD joined device video.
@dhaneswarpokhariyal115 5 years ago
@@ConceptsWork Yeah! It's covered in that, but production scenarios are different. We have Win 10 devices, all 4 URLs are accessible, the user certificate is also there, we tried domain rejoin, but are still getting error 304. Whereas we have such Windows 10 systems on which the user certificate is blank and they are connected with hybrid AD.
@ConceptsWork 5 years ago
It has been publicly documented that these errors will only be logged because of incomplete configuration of the infrastructure. If we understand how the product works, it is not possible for a device to be synced with a user certificate. There can be a possibility of having custom rules which are overwriting the out-of-box configuration of AAD Connect. This scenario is the same for managed and federated domains. Just wanted to check, do you have a managed or federated domain?
@ConceptsWork 5 years ago
support.microsoft.com/en-in/help/4480781/event-id-307-and-304-logged-after-deploying-windows-device
@dhaneswarpokhariyal115 5 years ago
Thanks. We have managed domain environment.
@rukshithdiluk1914 3 years ago
When we join the device to Azure AD, the user will become the administrator of the device. Is it possible to make this account have only the user access?
@ConceptsWork 3 years ago
If a user is joining a device to Azure AD, that means he/she already has admin access on the machine; this is the reason why admin access is granted to the account that has been used to register. In case of enterprise, you can use IT admin accounts to join the machine to Azure AD and then hand over to users; in this case it will be a standard user.
@rajd2990 4 years ago
This is amazing.
@pg4694 2 years ago
In both the cases you have used the same conceptwork account
@ConceptsWork 2 years ago
All the machines are different, and this is a dev environment.
@pg4694 2 years ago
Or in simple words, in the registration process which email address and password do we need to use, and what in the case of join devices? Please explain in a simple way.
@najimabdelwahad4579 5 years ago
thanks :-))
@pg4694 2 years ago
I'm still not getting your local account. What do you mean by that? In both the cases you're using your corporate email address, for which you have your password too, then what the hell is a local account and where is it used?