Great video. I’ve done all steps but after restart I’m unable to sign into the machine with work account.
@wotongzhou8152 3 years ago
this is sooooooooooooooo helpful, you are legend, keep up
@jktification 2 years ago
Do you need local admin rights to do the aad join? Seems like you want to prevent regular users from joining any pc they want. Also why should any user joining get admin rights? Seems like not good
@2mahender 3 years ago
Thanks bro, I am able to join my personal machine. Can I access Office 365 etc. apps also?
@abhimanyusinghshekhawat6871 4 years ago
Thanks, well executed explanation! I have one query on this, can we join the same device with different Azure AD accounts and login with both the IDs at the different times to work on this?
@ashisharya65 2 years ago
Hi, Here once the device is joined to Azure AD, will I be able to use my previous account (which I used to join the device to AAD) to login to the same device or do I have to use only my corporate account? Regards, Ashish Arya
@ConceptsWork 2 years ago
Yes for sure, you will be able to use your previous account. (Hopefully it is a local account on the device.)
@abulaith4485 5 years ago
Thanks again for such great content. Can you please, if possible, explain the concept of Single Sign On and how it works in Azure? I find it confusing. Does SSO mean if you login to different applications with different credentials, all one has to do is sign on once with the application specific credentials and then it will be saved in AAD? I find the way you explain things is really helpful. Many thanks
@ConceptsWork 5 years ago
This is just one example, there could be "n" number of use cases. Hello Abu, Thank you for all your acknowledgements. SSO in a nutshell means single sign on, i.e., the user will use the same credentials for all the applications (provided the identity provider is the same). Implementing SSO with a different IDP has to be configured with different processes. If your IDP is the same for multiple applications, the user is not prompted for credentials. For example: you have added two applications in Azure AD, "Application A" and "Application B." The user tried signing in to Application A; since Azure AD is the identity provider, authentication will be redirected to Azure AD. Once the user is authenticated, Azure AD and the application will save certain cookies in the browser. Now let's say the user tries to sign in to Application B in another tab of the browser; Application B will also redirect the request to Azure AD. In this case, when the user agent receives a redirect for the same endpoint, which will be login.microsoftonline.com, the user agent presents the current active cookie. Now, the IDP will validate the cookies; in this case, since the cookies will be valid, the user will not be prompted for authentication. Now let's suppose the session time (or cookie) is expired; then, if you have configured SSO correctly, the user will be redirected to the respective endpoints, and since the endpoints are added in the local intranet zone, the user's authentication will be processed by default. Regards, ConceptsWork.
@abulaith4485 5 years ago
@@ConceptsWork Wonderful explanation and I sincerely thank you for your response and your time. Maybe one day you can make a detailed video explaining this concept and other uses of SSO. Best wishes
@dn6085 3 years ago
Hey man this video was fantastic, excellent stuff, really really useful. Was wondering if there's any chance of a deep dive video to show how Azure AD Joined machines also manage to get SSO to on premise resources, e.g. file servers etc.?
@ConceptsWork 3 years ago
Great suggestion!
@rajeshmurugan5655 5 years ago
This video is really useful. Can you please do a video about refresh token, id_token and other tokens involved?
@ConceptsWork 5 years ago
We will be posting soon.
@dinesh1681 3 years ago
This is amazing
@pg4694 2 years ago
hi, I'm confused about the email address that ur using while registering the device. In azure ad join case I got the point that when you are joining a corporate machine you need to use your corporate email address and password that u use in azure portal, but what if in case it's registering a device and we use any email address to join, how will the machine get to know that it's for azure portal, coz nothing is mentioned abt portal
@mahavirsaroj4136 2 years ago
Which credentials are you using for joining with Azure AD?
@aexsome 3 years ago
Hi! We have an azure ad tenant federated with Gsuite through SAML, while the AD registered device procedure works, when we join a device to azure ad we do get a success, however users are unable to log in with their corporate credentials into the machine, would you be able to help us with a paid consultation to make it work?
@paullicari1871 2 years ago
Great Video. If you add other users from the same Tenant, how can you manage their access to the computer? Will they all be joined as Administrators?
@ConceptsWork 2 years ago
It's a one time process. Just as once a machine is joined to Active Directory, any user who exists in Active Directory can sign in, similarly once a machine is joined to Azure AD, any user who exists in Azure AD can sign in to the machine.
@paullicari1871 2 years ago
@@ConceptsWork And those users would have user access and not Admin (unless we added it manually)?
@paullicari1871 2 years ago
Hello. I was looking for your Website. Are you still providing videos for Intune/MDM/MAM?
@lyfrocks5554 5 years ago
You are genius.
@sahanagj4792 5 years ago
Dear sir...while joining the machine to AAD in this video, where we provided the AAD domain, or it is like if the user Account in AAD it will get connected to that AAD...could you please explain
@ConceptsWork 5 years ago
For joining a machine to Azure Active Directory there must be an active user account existing in Azure Active Directory. Around 6:24, I am typing the UPN of my user which already exists in AAD.
@sahanagj4792 5 years ago
@@ConceptsWork Thanks much for clearing my doubt
@akhileshsharma7831 5 years ago
Sir, is there any difference between azure ad join and azure ad register? Thank you
@Birendravideos 5 years ago
I am also confused between both terminologies
@ConceptsWork 5 years ago
Please watch this and let me know if you still have any confusion: kzbin.info/www/bejne/a4G6nWBpn7KBa5o
@venkateshg6920 3 years ago
Is it possible to join the azure VM server 2019 data center into Azure (as azure adjoined)?
@sachintak9600 4 years ago
In both the videos you have joined it with the corporate account I didn't see any difference rather than just logging in at a different place where you are saying in AD Registered you use a personal account.
@ConceptsWork 4 years ago
Yes, in both the videos I have joined the machine with the corporate ID, but there is a difference. In Azure AD register device you cannot login to the machine with your enterprise account (I specifically mean sign in to Windows). In Azure AD join you can sign in with the enterprise account.
@sachintak9600 4 years ago
@@ConceptsWork Yes right, that's the only difference.
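An added example, not part of the thread and not the channel's own code: the join versus register distinction discussed above can be read from saved `dsregcmd /status` output. It assumes the `AzureAdJoined`, `DomainJoined` and `WorkplaceJoined` fields that the tool prints; the host names and the trimmed outputs are constructed samples.

```python
import re

# Constructed, trimmed samples of `dsregcmd /status` output (not from real devices).
SAMPLES = {
    "pc-joined": """
| Device State |
             AzureAdJoined : YES
              DomainJoined : NO
| User State |
           WorkplaceJoined : NO
""",
    "pc-registered": """
| Device State |
             AzureAdJoined : NO
              DomainJoined : NO
| User State |
           WorkplaceJoined : YES
""",
    "pc-hybrid": """
| Device State |
             AzureAdJoined : YES
              DomainJoined : YES
| User State |
           WorkplaceJoined : NO
""",
}

FIELD = re.compile(r"^\s*(\w+)\s*:\s*(\S.*?)\s*$")

def parse_status(text):
    """Return {field: value} for every 'Name : Value' line; banner lines are skipped."""
    return {m.group(1): m.group(2)
            for m in map(FIELD.match, text.splitlines()) if m}

def classify(text):
    """Map the three state flags to the device state they describe."""
    fields = parse_status(text)
    yes = lambda key: fields.get(key, "").upper() == "YES"
    if yes("AzureAdJoined"):
        return "Hybrid Azure AD joined" if yes("DomainJoined") else "Azure AD joined"
    if yes("WorkplaceJoined"):
        return "Azure AD registered"
    if yes("DomainJoined"):
        return "Domain joined only"
    return "Not joined or registered"

def inventory(samples):
    """Classify each host's saved output."""
    return {host: classify(out) for host, out in samples.items()}

if __name__ == "__main__":
    for host, state in inventory(SAMPLES).items():
        print(f"{host}: {state}")
```
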
@adhyatmjain5360 3 years ago
Why is dsregcmd run in the corporate account which joined Azure AD?
@priyankareddy3587 4 years ago
Could you please let me know the difference b/w client and server certificate, and why the server cert is not generated in Azure AD register?
@ConceptsWork 4 years ago
Client certificate contains device id. Server certificate is only generated for Azure AD join and Hybrid Azure AD join devices, as there is a trust that exists between the device and a specific tenant. These certificates are used to enable trust between devices in the same tenant for remote desktop scenarios. One certificate is issued to the device and another is issued to the user. The device certificate is present in Local Computer\Personal\Certificates and is valid for one day. This certificate is renewed (by issuing a new certificate) if the device is still active in Azure AD. The user certificate is present in Current User\Personal\Certificates and this certificate is also valid for one day, but it is issued on-demand when a user attempts a remote desktop session to another Azure AD joined device. It is not renewed on expiry. Both these certificates are issued using the MS-Organization-P2P-Access certificate present in the Local Computer\AAD Token Issuer\Certificates. This certificate is issued by Azure AD during device registration.
@priyankareddy3587 4 years ago
@@ConceptsWork thank u..
@priyankareddy3587 4 years ago
I have a query w.r.t above, so azure ad register is user/device context? azure ad join is user/device context also in azure ad register if a different user is logged onto the machine so SSO should not work? Is my understanding correct?
@ConceptsWork 4 years ago
Azure AD registered and Azure AD join are both user context. If a different user logs in to the machine, they will not experience SSO on an Azure AD registered device. Fundamental: an Azure AD registered device doesn't allow you to sign in with an Azure AD account.
@dhaneswarpokhariyal115 5 years ago
Hi, do we need to manually login on the browser through a Microsoft account for AD joining, if we are in a domain? Also, how can we do this through GPO? We set up GPO to join devices in Hybrid AD, however we are getting event ID 304 & 204 errors.
@ConceptsWork 5 years ago
I have covered the details of event id 304, in our hybrid Azure AD joined device video.
@dhaneswarpokhariyal115 5 years ago
@@ConceptsWork yeah! It's covered on that, but in production scenarios are different. We have win 10 devices, all 4 url are accessible, user certificate is also there, we tried domain rejoin, but still getting error 304. Whereas, we've the such windows 10 systems on which user certificate is blank & they are connected with hybrid AD.
@ConceptsWork 5 years ago
It has been publicly documented that these errors will only be logged because of incomplete configuration of the infrastructure. If we understand how the product works, it is not possible for a device to be synced with a user certificate. There can be a possibility of having custom rules which are overwriting the out of box configuration of AAD Connect. This scenario is the same for managed and federated domains. Just wanted to check, do you have a managed or federated domain?
When we join the device to Azure AD, the user will become the administrator of the device. Is it possible to make this account have only user access?
@ConceptsWork 3 years ago
If a user is joining a device to Azure AD, that means he/she already has admin access on the machine, this is the reason why admin access is granted to the account that has been used to register. In case of enterprise, you can use IT admin accounts to join the machine to Azure AD and then hand over to users, in this case it will be a standard user.
@rajd2990 4 years ago
This is amazing.
@pg4694 2 years ago
In both the cases u have used the same conceptwork account
@ConceptsWork 2 years ago
All the machines are different, and this is a dev environment.
@pg4694 2 years ago
or in simple words in registration process which email address and password we need to use and what in case of join devices please explain in simple way
@najimabdelwahad4579 5 years ago
thanks :-))
@pg4694 2 years ago
I'm still not getting ur local account. What do u mean by that? In both the cases ur using ur corporate email address, for which u have ur password too, then what the hell is local account and where is it used