From the course: Windows 10: Troubleshooting Cloud Integration

Enrolling a new device into modern management

From the course: Windows 10: Troubleshooting Cloud Integration

Start my 1-month free trial

Enrolling a new device into modern management

- [Narrator] Now that we are configured our Azure AD to allow users to join their devices and auto enrolling into InTune, I'll now show you how to join a device to Azure AD. I'll click the Start and then Settings, and then click Accounts. On the left-hand side, I'll click Access work or school, and then click Connect. And here we can see a screen that allows a device to be registered to our tenant. We want to join our device to Azure Active directory and therefore I'll select the Alternate action, "Join this device to Azure Active Directory". This device will be belong to Alex, therefore I'll enter his user name and password. Notice on the right-hand side that the wizard has picked up my copper branding and displayed this even before I've authenticated the user account. I'll enter Alex's password and then click Sign in. The system will prompt you to confirm that the configuration is correct that we're connecting to the correct domain and that the user name and user type is correct. I'll confirm this and click Join. The device will then be joined to Azure AD and I'll click Done. Here we can see the device has been connected to Contoso's Azure AD. And we can see a Disconnect button and also the Info button. If we do not see the Info button, this implies that the device had been registered to the domain and not joined. Let's click info. Here we can see all information relating to the device. The Sync setting status and also an Advanced Diagnostic Report. To force the sync between Azure Active Directory and the device, I can click Sync. Whenever you are troubleshooting a device that's not receiving policies or profiles from Microsoft InTune, you should check the device sync status and force a sync. I also prefer to reboot a device that I'm troubleshooting as this will ensure that any settings had been fully configured. We can see on this device that the device is still being set up and we can click the link to show the current progress. Here we can see the enrollment status page. The device had been prepared and set up and now the account details had been completed. Let's leave the device to continue being set up. A useful command line utility that we can use to monitor mash devices is the dsregcmd executable tool. This Windows 10 tool allows administrators to query the MDM status of a device, even if they do not have access to the Azure active directory admin center. The tool will produce a detail set of resource which can be used to trouble MDM issues. Let's take a look. I'll launch a command prompt and run it as administrator. And then typed "dsregcmd.exe / status" and click return. I'll scroll back to the top and here we can see the Device State and we could see that the device is AzureAdJoined. The Device Details including the DeviceID and whether the device is protected by Tpm. Scroll down, we can see the Tenant Details. This device had been joined to a Contoso domain and enrolled into mobile device management. Here we can see the various urls related to our InTune registrations. When you look through the results, you will be able to determine if the device is AzureAdJoined and to which tenant it is joined to, if the user has an account in Azure AD and if single sign on is enabled. You'll also see if any InTune policies have been delivered to the device.

Contents