
For BYOD, Azure AD gives us Azure AD registration.

An Azure AD-registered device is "lightly managed" by Azure AD admins. Users here can sign in to their device by using either a local device ID (for instance, their Apple account on an iOS device) or their Azure AD identity. While Azure AD Premium gives Azure AD registered or joined devices SSO to your cloud apps, you'll need a first- or third-party mobile device management (MDM) product to enforce policies such as data encryption, remote wipe, and so on. Microsoft's primary MDM tool is Microsoft Intune.

Intune is part of a larger Microsoft MDM platform called Microsoft Endpoint Manager. Let me walk you through one way to register an endpoint device with Azure AD. In this example, we'll register an Apple iPhone with my TIMW.INFO Azure AD organization. NOTE: As is typical with Microsoft technologies, there exist several methods to register and/or join a device to Azure AD. The specific steps depend on the endpoint type, how much automation is required, and whether you're onboarding the endpoint from the server or the client. First, I'll install the Microsoft Authenticator mobile app, open Settings, tap Device Registration, and sign in to my directory. In the following composite screenshot, you can see me register my fictional test user Pramod's iPhone.

Windows-based endpoints registered with Azure AD can store their BitLocker recovery keys in Azure AD. However, deep corporate endpoint management requires both Azure AD join and Microsoft Intune.

Azure AD Join

Azure AD join is your option for the corporate-owned, personally enabled (COPE) endpoint device scenario. Because the endpoint is corporate-owned, you can enforce policy that wouldn't work with personally owned devices. Whereas Azure AD registration and Intune management work with macOS, iOS, and Android, Azure AD join requires a Windows-based client or server system.
