Forum Discussion
Azure AD Conditional Access - Require Domain Joined Device
Does the ‘Domain Join’ checkbox in Azure AD Conditional Access require Azure AD Domain join, or does it mean on-premises Domain Join? The attached screen shot says ‘Not Azure AD Domain Join’ but the ...
- Correct, that would be on-prem AD domain-join.
Why it's confusing is because it's possible to have on-prem AD domain-joined PCs automatically register and enroll with Azure AD.
Not really, though from memory you can enroll Windows 7 devices into Intune, which would implicitly register them. Though if you're going to go through that, you may as well set up Hybrid AAD Join.
You are right.
Also, as far as I know, the Intune enrollment on Windows 7 requires some user interaction and cannot be done during sign-on. Well, automatic MDM enrollment can be set up in Azure, but the workplace join has to be initiated by the user at some point. I am not familiar with a way where the user doesn't have to enter his email address and password to join Azure. Also within Autopilot the user has to enter the credentials at this point.
Also, as far as I know, the Intune enrollment on Windows 7 requires some user interaction and cannot be done during sign-on. Well, automatic MDM enrollment can be set up in Azure, but the workplace join has to be initiated by the user at some point. I am not familiar with a way where the user doesn't have to enter his email address and password to join Azure. Also within Autopilot the user has to enter the credentials at this point.
