Microsoft 365 Mobility and Security: Exam Guide MS-101

Registered versus joined devices

Azure AD registered devices are typically the personal devices in a BYOD scenario, on which a user enters their work or school credentials to access their organization's resources and data from an organization's domain. The previously mentioned Android and iOS enrollments would be registered devices.

For example, you might sign in to your personal computer while connected to your organization's Wi-Fi because you need access to Active Directory for emailing and room reservations.

Azure AD joined devices are work-owned, such as your work-issued laptop, and allow for easy deployment of Windows and features such as Single Sign-On (SSO), which don't require a user to be connected to an organization's domain to sign in.

If you already have devices joined to your on-premises Active Directory, you can configure a hybrid Azure AD join setup as well. This allows you to still benefit from any existing group policy (GP) configurations.
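
As an added illustration (not from the book), the three states described above can be told apart on a Windows device from the flags that `dsregcmd /status` prints. The function name `Get-JoinType` and the sample output are constructed for this example; the mapping follows Microsoft's documented reading of the AzureAdJoined, DomainJoined and WorkplaceJoined flags.

```powershell
# Added example (not from the book): classify a device from `dsregcmd /status` text.
function Get-JoinType {
    param([string]$StatusText)

    # dsregcmd prints right-aligned "Key : Value" lines; flags are YES or NO.
    $state = @{}
    foreach ($line in ($StatusText -split '\r?\n')) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined    = $state['AzureAdJoined']   -eq 'YES'
    $domainJoined = $state['DomainJoined']    -eq 'YES'
    $registered   = $state['WorkplaceJoined'] -eq 'YES'

    # Order matters: hybrid is the combination of both join flags.
    if ($aadJoined -and $domainJoined) { 'Hybrid Azure AD joined' }
    elseif ($aadJoined)                { 'Azure AD joined' }
    elseif ($registered)               { 'Azure AD registered' }
    elseif ($domainJoined)             { 'On-premises domain joined only' }
    else                               { 'Not joined or registered' }
}

# Constructed sample output (abridged), standing in for a personal BYOD laptop.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

           WorkplaceJoined : YES
'@

Get-JoinType -StatusText $sample
# On a live Windows device, feed it the real output instead:
# Get-JoinType -StatusText (dsregcmd /status | Out-String)
```

WorkplaceJoined is reported under User State, so run the command in the signed-in user's session when checking for a registered device.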

You can learn more about planning MDM integration with Azure AD here:

By default, your Azure AD Device settings allow users to join their devices to Azure AD. You can configure this as follows:

Next, we will set up automatic enrollment.