We have observed recently many customers are asking why they do see the same device has two device objects on Azure AD, and connected twice to Azure AD as Azure AD Registered and Hybrid Azure AD Joined device.

In this article, I am going to describe what does dual state mean and how to get rid of this state in the recommended way in the following points:

Responding to COVID-19 (aka. coronavirus) crisis, employees started working from home, and we start receiving many queries about Azure AD Devices. In this article, I am going to answer the most frequently asked questions.

In this article, I am discussing device registration for hybrid Azure AD joined devices.

First of all, let’s go through device registration steps:

1. The device tries to retrieve tenant id and domain name from registry [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD].
2. If it fails, the device communicates with Local AD (config partition) to get the tenant’s information form Service Connection Point (SCP). You can get SCP information using Device Registration Troubleshooter Tool PowerShell.
3. Then, the device tries to communicate with Microsoft resources under the system context. You can verify if the device can access Microsoft resources under the system account by using the Test Device Registration Connectivity script.
4. The device authenticates against either Azure AD or federation service (e.g. ADFS).
5. The device registration process finishes.

Continue reading →

In a previous article I described why Do I really need to connect my device to Azure AD.
In this article I will describe the available types of having devices connected to Azure AD to gain the benefits of utilizing Office 365 services, and when to use each one of them.

Continue reading →