Then on the versions of Windows targeted at businesses, users will be asked whether this is their personal device or one issued to them by the organization they work for:
Choosing "this device belongs to my organization" starts the Azure AD Join experience. Employees then enter their Azure AD username:
Then the Azure AD looks for a matching tenant in our service. If the employee is a cloud only use, this page will morph to show their organization's custom branding and they will enter their password directly into the page. If the employee is a member of a federated domain hthey will be redirected to the organization's on-premises federation server (e.g. ADFS) for authentication.
Based on IT policy, users can also be prompted to provide a second factor of authentication at this point:
Azure AD will then check whether the device should be enrolled in MDM and if so prompt the user to agree to the enrollment terms (which customers will be able to modify as needed)
Windows will then register the device in the organization's directory in Azure AD and enroll it in MDM:
When this is done, Windows will wrap up the setup process.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.