You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/devices/device-management-azure-portal.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -150,7 +150,7 @@ To enable / disable a device, you have two options:
150
150
**Remarks:**
151
151
152
152
- You need to be a global administrator in Azure AD to enable / disable a device.
153
-
- Disabling a device prevents a device from accessing your Azure AD resources.
153
+
- Disabling a device prevents a device from successfully authenticating with Azure AD, therby preventing the device from accessing your Azure AD resources that are guarded by device CA or using your WH4B credentials.
Copy file name to clipboardExpand all lines: articles/active-directory/devices/faq.md
+55-54Lines changed: 55 additions & 54 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,29 +18,10 @@ ms.author: markvi
18
18
ms.reviewer: jairoc
19
19
20
20
---
21
-
# Azure Active Directory device management FAQ
22
-
23
-
**Q: Can I register Android or iOS BYOD devices?**
24
-
25
-
**A:** Yes, but only with Azure device registration service and for hybrid customers. It is not supported with on-premises device registration service in AD FS.
26
-
27
-
**Q: How can I register a macOS device?**
28
-
29
-
**A:** To register macOS device:
30
-
31
-
1. [Create a compliance policy](https://docs.microsoft.com/intune/compliance-policy-create-mac-os)
32
-
2. [Define a conditional access policy for macOS devices](../active-directory-conditional-access-azure-portal.md)
33
21
34
-
**Remarks:**
35
-
36
-
- The users that are included in your conditional access policy need a [supported version of Office for macOS](../conditional-access/technical-reference.md#client-apps-condition) to access resources.
37
-
38
-
- During the first access attempt, your users are prompted to enroll the device using the company portal.
39
-
40
-
---
41
-
42
-
**Q: I registered the device recently. Why can’t I see the device under my user info in the Azure portal?**
22
+
# Azure Active Directory device management FAQ
43
23
24
+
**Q: I registered the device recently. Why can’t I see the device under my user info in the Azure portal? Or Why is device owner marked as N/A for hybrid Azure AD joined devices?**
44
25
**A:** Windows 10 devices that are hybrid Azure AD joined do not show up under the USER devices.
45
26
You need to use All devices view in Azure portal. You can also use PowerShell [Get-MsolDevice](/powershell/module/msonline/get-msoldevice?view=azureadps-1.0) cmdlet.
46
27
@@ -54,15 +35,20 @@ Only the following devices are listed under the USER devices:
54
35
55
36
**Q: How do I know what the device registration state of the client is?**
56
37
57
-
**A:** You can use the Azure portal, go to All devices and search for the device using device ID. Check the value under the join type column.
58
-
59
-
If you want to check the local device registration state from a registered device:
38
+
**A:** You can use the Azure portal, go to All devices and search for the device using device ID. Check the value under the join type column. Sometimes, the device could have been reset or re-imaged. So, it is essential to also check device registration state on the device too:
60
39
61
40
- For Windows 10 and Windows Server 2016 or later devices, run dsregcmd.exe /status.
62
41
- For down-level OS versions, run "%programFiles%\Microsoft Workplace Join\autoworkplace.exe"
63
42
64
43
---
65
44
45
+
**Q: I see the device record under the USER info in the Azure portal and can see the state as registered on the device. Am I setup correctly for using conditional access?**
46
+
47
+
**A:** The device join state, reflected by deviceID, must match with that on Azure AD and meet any evaluation criteria for conditional access.
48
+
For more information, see [Require managed devices for cloud app access with conditional access](../conditional-access/require-managed-devices.md).
49
+
50
+
---
51
+
66
52
**Q: I have deleted in the Azure portal or using Windows PowerShell, but the local state on the device says that it is still registered?**
67
53
68
54
**A:** This is by design. The device will not have access to resources in the cloud.
@@ -83,25 +69,6 @@ For down-level Windows OS versions that are on-premises AD domain-joined:
83
69
2. Type `"%programFiles%\Microsoft Workplace Join\autoworkplace.exe /l"`.
84
70
3. Type `"%programFiles%\Microsoft Workplace Join\autoworkplace.exe /j"`.
85
71
86
-
---
87
-
**Q: How do I unjoin an Azure AD Joined device locally on the device?**
88
-
89
-
**A:**
90
-
- For hybrid Azure AD Joined devices, make sure to turn off auto registration so that the scheduled task does not register the device again. Next, open command prompt as an administrator and type `dsregcmd.exe /debug /leave`. Alternatively, this command can be run as a script across multiple devices to unjoin in bulk.
91
-
92
-
- For pure Azure AD Joined devices, make sure you have an offline local administrator account or create one, as you won't be able to sign in with any Azure AD user credentials. Next, go to **Settings** > **Accounts** > **Access Work or School**. Select your account and click on **Disconnect**. Follow the prompts and provide the local administrator credentials when prompted. Reboot the device to complete the unjoin process.
93
-
94
-
---
95
-
96
-
**Q: My users cannot search printers from Azure AD Joined devices. How can I enable printing from Azure AD Joined devices ?**
97
-
98
-
**A:** For deploying printers for Azure AD Joined devices, see [Hybrid cloud print](https://docs.microsoft.com/windows-server/administration/hybrid-cloud-print/hybrid-cloud-print-deploy). You will need an on-premises Windows Server to deploy hybrid cloud print. Currently, cloud-based print service is not available.
99
-
100
-
---
101
-
102
-
**Q: How do I connect to a remote Azure AD joined device?**
103
-
**A:** Refer to the article https://docs.microsoft.com/windows/client-management/connect-to-remote-aadj-pc for details.
104
-
105
72
---
106
73
107
74
**Q: Why do I see duplicate device entries in Azure portal?**
@@ -124,7 +91,27 @@ For down-level Windows OS versions that are on-premises AD domain-joined:
124
91
125
92
>[!Note]
126
93
>For enrolled devices, we recommend wiping the device to ensure that users cannot access the resources. For more information, see [Enroll devices for management in Intune](https://docs.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune).
94
+
---
95
+
96
+
# Azure AD Join FAQ
97
+
98
+
**Q: How do I unjoin an Azure AD Joined device locally on the device?**
99
+
100
+
**A:**
101
+
- For hybrid Azure AD Joined devices, make sure to turn off auto registration so that the scheduled task does not register the device again. Next, open command prompt as an administrator and type `dsregcmd.exe /debug /leave`. Alternatively, this command can be run as a script across multiple devices to unjoin in bulk.
102
+
103
+
- For pure Azure AD Joined devices, make sure you have an offline local administrator account or create one, as you won't be able to sign in with any Azure AD user credentials. Next, go to **Settings** > **Accounts** > **Access Work or School**. Select your account and click on **Disconnect**. Follow the prompts and provide the local administrator credentials when prompted. Reboot the device to complete the unjoin process.
104
+
105
+
---
106
+
107
+
**Q: My users cannot search printers from Azure AD Joined devices. How can I enable printing from Azure AD Joined devices ?**
108
+
109
+
**A:** For deploying printers for Azure AD Joined devices, see [Hybrid cloud print](https://docs.microsoft.com/windows-server/administration/hybrid-cloud-print/hybrid-cloud-print-deploy). You will need an on-premises Windows Server to deploy hybrid cloud print. Currently, cloud-based print service is not available.
127
110
111
+
---
112
+
113
+
**Q: How do I connect to a remote Azure AD joined device?**
114
+
**A:** Refer to the article https://docs.microsoft.com/windows/client-management/connect-to-remote-aadj-pc for details.
128
115
129
116
---
130
117
@@ -141,13 +128,6 @@ Please evaluate the conditional access policy rules and ensure that the device i
141
128
142
129
---
143
130
144
-
**Q: I see the device record under the USER info in the Azure portal and can see the state as registered on the device. Am I setup correctly for using conditional access?**
145
-
146
-
**A:** The device join state, reflected by deviceID, must match with that on Azure AD and meet any evaluation criteria for conditional access.
147
-
For more information, see [Require managed devices for cloud app access with conditional access](../conditional-access/require-managed-devices.md).
148
-
149
-
---
150
-
151
131
**Q: Why do I get a "username or password is incorrect" message for a device I have just joined to Azure AD?**
152
132
153
133
**A:** Common reasons for this scenario are:
@@ -156,7 +136,7 @@ For more information, see [Require managed devices for cloud app access with con
156
136
157
137
- Your computer is unable to communicate with Azure Active Directory. Check for any network connectivity issues.
158
138
159
-
- Federated logins requires your federation server to support a WS-Trust active endpoint.
139
+
- Federated logins requires your federation server to support WS-Trust endpoints enabled and accessible.
160
140
161
141
- You have enabled Pass through Authentication and the user has a temporary password that needs to be changed on logon.
162
142
@@ -168,15 +148,16 @@ For more information, see [Require managed devices for cloud app access with con
168
148
169
149
---
170
150
171
-
**Q: Why did my attempt to join a PC fail although I didn't get any error information?**
151
+
**Q: Why did my attempt to Azure AD join a PC fail although I didn't get any error information?**
172
152
173
153
**A:** A likely cause is that the user is logged in to the device using the local built-in administrator account.
174
154
Please create a different local account before using Azure Active Directory Join to complete the setup.
175
155
176
-
177
156
---
178
157
179
-
**Q: Where can I find troubleshooting information about the automatic device registration?**
158
+
# Hybrid Azure AD Join FAQ
159
+
160
+
**Q: Where can I find troubleshooting information for diagnosing hybrid Azure AD join failures?**
180
161
181
162
**A:** For troubleshooting information, see:
182
163
@@ -187,3 +168,23 @@ Please create a different local account before using Azure Active Directory Join
187
168
188
169
---
189
170
171
+
# Azure AD Register FAQ
172
+
173
+
**Q: Can I register Android or iOS BYOD devices?**
174
+
175
+
**A:** Yes, but only with Azure device registration service and for hybrid customers. It is not supported with on-premises device registration service in AD FS.
176
+
177
+
**Q: How can I register a macOS device?**
178
+
179
+
**A:** To register macOS device:
180
+
181
+
1. [Create a compliance policy](https://docs.microsoft.com/intune/compliance-policy-create-mac-os)
182
+
2. [Define a conditional access policy for macOS devices](../active-directory-conditional-access-azure-portal.md)
183
+
184
+
**Remarks:**
185
+
186
+
- The users that are included in your conditional access policy need a [supported version of Office for macOS](../conditional-access/technical-reference.md#client-apps-condition) to access resources.
187
+
188
+
- During the first access attempt, your users are prompted to enroll the device using the company portal.
0 commit comments