David Machula
Copper Contributor
Sep 21, 2018

Sync Windows 10 machines to AAD - where do we see them?

When I sync users to AAD I can see them in the Azure portal:

Azure Active Directory | Users

I understood you can sync Windows 10 devices to AAD.

If that is exact, how would you know if they are synced or not?

Recently synced users appear in the location indicated above and we can also see them in the MS 365 Admin Center (Users | Active Users).


The only Windows 10 machines we can see in Azure Active Directory | Devices are those that were registered manually by the users.

Thanks in advance for your assistance.

  • Brent Ellis
    Silver Contributor

    There is a setting in AADConnect (and also a PowerShell that can be run) to enable this (it is called "hybrid Azure AD joining"). Basically tells Azure that these computers exist in your On-Prem AD.

    The place we look is in Azure Portal, Home > Microsoft Intune > Azure AD Devices

    You can also get there at Azure Portal > Azure Active Directory > Devices

    You'll see two entries for each computer if you've done it right under Join Type, 1 for the "Azure AD Registered", and 1 for the "Hybrid Azure AD Joined". We've never been able to figure out how to merge them into the same entry.

    • David Machula
      Copper Contributor

      Thanks Brent. I noticed an optional feature like that when I ran the AAD Connect configuration tool. Does the option you suggest imply that write-back (to onsite AD) is enabled?

  • Peter Stapf
    Brass Contributor

    Hi, hybrid joined devices and also synchronized devices will be shown at AAD -> Devices, or you can use PowerShell: Get-AzureADDevice

    They are not shown on myapps.microsoft.com, for example, as they are not joined by a user but by the computer account itself.

    Synced devices will normally show like MYPC03$, while this changes when the hybrid join by the device takes place (dsregcmd.exe); then it will be renamed MYPC03.

    Older device entries (Workplace Joined) cannot be merged with the hybrid joined devices; you can just remove them because they will not be used any more.

    To identify if a device is currently used, check the proximateLastLogin attribute on the PowerShell output.

    /Peter
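
An added example, not part of the thread or any poster's code: a PowerShell function that takes device objects shaped like the output of the AzureAD module's Get-AzureADDevice and reports each entry's join type, whether a registered entry is shadowed by a hybrid joined entry of the same name, and whether it looks stale. The function name, the 90-day threshold and the sample objects are assumptions made for illustration; DeviceTrustType and ApproximateLastLogonTimeStamp are the property names the AzureAD module returns.

```powershell
# Added example (not from the thread): classify device objects shaped like
# Get-AzureADDevice output and flag duplicate or stale entries.
function Get-DeviceJoinReport {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Device,
        [int] $StaleDays = 90,    # assumption: illustrative threshold
        [datetime] $Now = (Get-Date)
    )
    begin { $all = @() }
    process { $all += $Device }
    end {
        # DeviceTrustType values mapped to the portal's Join Type labels
        $joinType = @{
            ServerAd  = 'Hybrid Azure AD joined'
            AzureAd   = 'Azure AD joined'
            Workplace = 'Azure AD registered'
        }
        # Group by name; per the thread a synced entry may carry a trailing '$'
        $groups = $all | Group-Object { ([string]$_.DisplayName).TrimEnd('$') }
        foreach ($g in $groups) {
            $hasHybrid = @($g.Group | Where-Object DeviceTrustType -eq 'ServerAd').Count -gt 0
            foreach ($d in $g.Group) {
                $trust = [string]$d.DeviceTrustType
                $last  = $d.ApproximateLastLogonTimeStamp
                [pscustomobject]@{
                    DisplayName = $d.DisplayName
                    JoinType    = if ($joinType.ContainsKey($trust)) { $joinType[$trust] } else { "Unknown ($trust)" }
                    LastLogon   = $last
                    # No timestamp at all, or older than the threshold
                    Stale       = (-not $last) -or (($Now - $last).TotalDays -gt $StaleDays)
                    # Registered entry shadowed by a hybrid joined entry of the same name
                    Superseded  = $hasHybrid -and ($trust -eq 'Workplace')
                }
            }
        }
    }
}

# Constructed sample objects (not real tenant data)
$sample = @(
    [pscustomobject]@{ DisplayName = 'MYPC03'; DeviceTrustType = 'Workplace'; ApproximateLastLogonTimeStamp = [datetime]'2018-03-01' }
    [pscustomobject]@{ DisplayName = 'MYPC03'; DeviceTrustType = 'ServerAd';  ApproximateLastLogonTimeStamp = [datetime]'2018-09-18' }
    [pscustomobject]@{ DisplayName = 'MYPC07'; DeviceTrustType = 'ServerAd';  ApproximateLastLogonTimeStamp = $null }
)
$sample | Get-DeviceJoinReport -Now ([datetime]'2018-09-21') | Format-Table -AutoSize

# Against a tenant, after Connect-AzureAD:
# Get-AzureADDevice -All $true | Get-DeviceJoinReport
```

Entries marked Superseded correspond to the older registered entries the post above says can be removed; check the Stale flag against the LastLogon value before deleting anything. The AzureAD module has since been deprecated in favour of Microsoft Graph PowerShell, where Get-MgDevice returns the equivalent device objects.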

     
