How to switch from a local user account/profile , to using an Azure AD connected account/profile?

Iron Contributor

We have a few Surface Pro devices that have users logging into Windows 10 Pro using a local user account.   We have since migrated to Microsoft 365 Business so I would like these users to start logging in using their M365 Azure AD account, so that they can self-service their login password and MFA method, as well as allowing me to better manage their device through InTune.

 

How do I switch the user over to an Azure AD login account and Windows profile?

13 Replies

 

AccessWorkorSchool.jpgIn the Settings menu --> Accounts choose the Access Work or School and choose the connect, make sure you choose the option to join Azure AD, then from the Accounts --> Other Users Add other users and add the Azure AD account you want to login as a Standard or Administrator.  This will allow the user to then login.  At the login prompt use the Azure AD email address (UPN) to login.  It will create a new profile for you.

Thanks, Murray.   And once I do this, will that then give me the prompt after the next reboot to enter my Office 365 email address, and not just a username, to log onto the Surface Pro and that will take me into my "Azure AD" specific profile on the device?

Yes it will - Be sure you login with the account you specified when you joined to the device to Azure AD - or added any other accounts to the machine that you want logging in.  I use this on a good number of my devices.

@Murray WallI also followed the same steps and entered office email address which is my UPN as an user and it didnt accept it saying its not a microsoft account, I tried all other available option none of them worked.

Hi @navn1620

 

I had the same issue, you should add the account again in the work or school account panel, and be sure to select the Azure AD option. It should all work fine then. Hope this helps! 

 

EDIT:

After doing the step above you can log out of your current account en then select the option to sign in with a different account, just sign in with the credentials of the user and it should work.

Hello, and how it works in offline mode. I couldn't login to the computer without internet connection... So in that case we will use Office 365 Azure AD account we will not be able to work in that profile without internet, in offline mode? Or how to set up to be able?

Thanks

You should be able to login to a computer you have previously been authenticated on, on a new machine, you must be connected to M365 to authenticate. You canalso have a hybrid joined machine or use a hardware token or passwordless auth that has something stored in the local TPM that is trusted as a long term solution. Also know that you need to be online at some point in time to be able to renew and actually use the SaaS....

@OneTechBeyond 

 

Is there a way to do this and have it import or transfer their current profile/settings to the new login, or would that have to be imported manually?

@nodorizzi
Thats a good question that I test out on VM's because when you join to Azure AD from a local account....pooof, the new Azure AD account is a clean slate and I know alot of people freak out when that happens. I do know you can use a profile migrator but have not tried to migrate into an Azure AD account(would be interesting). You can also search the local users folders I beleive within the AzureAD account and move them or move them to OneDrive first and then switch to Azure AD.
You can go back to the local account by signing in as other user, the do the old username with ".\old_username" to go back into the local account domain or workgroup and then get what you need. But people definitely need to be ready before they switch as far as their files and favs cause its like starting a new computer with a blank Windows profile.
Have you figured out a good way since you wrote the post?

@Murray WallThank you a million times over!  It worked!  The users in our small business can log in to Windows using their ".onmicrosoft.com" account (for Microsoft Business 365).

@tcarruth @Murray_Wall standard user is not able to open the setting or control panel on the azureAD account. Do you have any suggestions to solve the issue?

@ManikandanBaskaran03 you bring up a good point. In my administrator role I shall be setting up the company new users on new equipment.

I'm not yet at the point of converting existing users. Some use their own Microsoft Consumer Accounts to log on to Windows. Others use their own local account, and still others use a shared Microsoft Consumer Account that was created under the business domain (before Microsoft disallowed that). It's a mess.
What makes it even more messy is that to switch them to logging on with their .onmicrosoft.com accounts, is that they will lose all their saved info in their browsers because new profiles will get created with the new accounts. I have not yet found an easy way to "port" or "copy" Edge profile settings from one user to another. If you know then please share.