Hybrid Azure AD Device Registration

In this article, I am discussing device registration for hybrid Azure AD joined devices.

First of all, let’s go through device registration steps:

  1. The device tries to retrieve tenant id and domain name from registry [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD].
  2. If it fails, the device communicates with local AD (the configuration partition) to get the tenant's information from the Service Connection Point (SCP). You can read the SCP information with the Device Registration Troubleshooter Tool PowerShell script.
  3. Then, the device tries to communicate with Microsoft resources under the system context. You can verify if the device can access Microsoft resources under the system account by using the Test Device Registration Connectivity script.
  4. The device authenticates against either Azure AD or federation service (e.g. ADFS).
  5. The device registration process finishes.
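The following PowerShell script is an added example, not code from the original article or from the Microsoft tools it mentions: it walks the first three steps above on a domain-joined device, looking for the tenant in the CDJ\AAD registry key, falling back to the SCP in the configuration partition, then testing reachability of the registration endpoints, and finally reads the outcome from dsregcmd. It assumes an elevated session, the ActiveDirectory RSAT module for the SCP lookup, and that you launch it under the SYSTEM account (for example with PsExec -s) when you want the connectivity check to reflect the system context the device actually uses.

```powershell
# Added example (not from the original article): check the hybrid Azure AD join
# prerequisites in the order the registration steps describe.
# Assumptions: elevated PowerShell on a domain-joined Windows device; the
# ActiveDirectory RSAT module is installed; run as SYSTEM (e.g. PsExec -s) to
# exercise step 3 in the same context the device registration task uses.

$regPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD'

function Get-TenantFromRegistry {
    # Step 1: TenantId / TenantName cached under the CDJ\AAD key.
    if (-not (Test-Path $regPath)) { return $null }
    $key = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
    if ($key.TenantId -and $key.TenantName) {
        [pscustomobject]@{ Source = 'Registry'; TenantId = $key.TenantId; TenantName = $key.TenantName }
    }
}

function Get-TenantFromScp {
    # Step 2: Service Connection Point in the configuration partition of local AD.
    # The container below is the well-known name Azure AD Connect creates for the SCP.
    Import-Module ActiveDirectory -ErrorAction Stop
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $scpDn = "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$configNc"
    $scp = Get-ADObject -Identity $scpDn -Properties keywords -ErrorAction SilentlyContinue
    if (-not $scp) { return $null }
    # keywords holds 'azureADId:<tenant guid>' and 'azureADName:<verified domain>'
    $id   = ($scp.keywords | Where-Object { $_ -like 'azureADId:*' })   -replace '^azureADId:', ''
    $name = ($scp.keywords | Where-Object { $_ -like 'azureADName:*' }) -replace '^azureADName:', ''
    [pscustomobject]@{ Source = 'SCP'; TenantId = $id; TenantName = $name }
}

function Test-RegistrationEndpoints {
    # Step 3: the Microsoft endpoints the device must reach over TCP 443.
    $endpoints = 'enterpriseregistration.windows.net',
                 'login.microsoftonline.com',
                 'device.login.microsoftonline.com'
    foreach ($h in $endpoints) {
        $ok = (Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue).TcpTestSucceeded
        [pscustomobject]@{ Endpoint = $h; Port443 = $ok }
    }
}

$tenant = Get-TenantFromRegistry
if (-not $tenant) { $tenant = Get-TenantFromScp }

if ($tenant) {
    'Tenant discovered via {0}: {1} ({2})' -f $tenant.Source, $tenant.TenantName, $tenant.TenantId
} else {
    'No tenant information in the registry or the SCP; registration cannot start.'
}

"Running as: $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)"
Test-RegistrationEndpoints | Format-Table -AutoSize

# Steps 4-5: dsregcmd /status reports whether the join completed.
dsregcmd /status | Select-String 'AzureAdJoined|DomainJoined|TenantName|TenantId'
```

Both the registry key and the SCP tell the device which tenant to register with, so treat them as security-relevant configuration: the script prints which source supplied the tenant, which makes it easy to spot a device whose cached registry value disagrees with the SCP your AD administrators published.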
