What is a Microsoft Entra joined device? - Microsoft Entra ID

Microsoft Entra joined devices

Any organization can deploy Microsoft Entra joined devices no matter the size or industry. Microsoft Entra join works even in hybrid environments, enabling access to both cloud and on-premises apps and resources.

| Microsoft Entra join | Description |
| --- | --- |
| Definition | Joined only to Microsoft Entra ID requiring organizational account to sign in to the device |
| Primary audience | Suitable for both cloud-only and hybrid organizations. |
| | Applicable to all users in an organization |
| Device ownership | Organization |
| Operating Systems | All Windows 11 and Windows 10 devices except Home editions |
| | Windows Server 2019 and newer Virtual Machines running in Azure (Server core isn't supported) |
| | (Public preview) Apple devices running macOS 13 or newer |
| Provisioning | Self-service: Windows Out of Box Experience (OOBE) or Settings |
| | Bulk enrollment |
| | Windows Autopilot |
| | (Public preview) Apple Automated Device Enrollment (applies to Apple devices only) |
| Device sign in options | Organizational accounts using: |
| | Password |
| | Passwordless options like Windows Hello for Business, Platform Credential for macOS (Public preview) and FIDO2.0 security keys. |
| Device management | Mobile Device Management (example: Microsoft Intune) |
| | Configuration Manager standalone or co-management with Microsoft Intune |
| Key capabilities | single sign-on (SSO) to both cloud and on-premises resources |
| | Conditional Access through mobile device management (MDM) enrollment and compliance evaluation |
| | Self-service Password Reset and Windows Hello PIN reset on lock screen |

You sign in to Microsoft Entra joined devices using a Microsoft Entra account. Access to resources can be controlled based on your account and Conditional Access policies applied to the device.

Administrators can secure and further control Microsoft Entra joined devices using Mobile Device Management (MDM) tools like Microsoft Intune or in co-management scenarios using Microsoft Configuration Manager. These tools provide a means to enforce organization-required configurations like:

Administrators can make organization applications available to Microsoft Entra joined devices by using Configuration Manager to manage apps from the Microsoft Store for Business and Education.

Microsoft Entra join can be accomplished using self-service options like the Out of Box Experience (OOBE), bulk enrollment, Apple Automated Device Enrollment (public preview), or Windows Autopilot.

Microsoft Entra joined devices can still maintain single sign-on access to on-premises resources when they are on the organization's network. Devices that are Microsoft Entra joined can still authenticate to on-premises servers like file, print, and other applications.
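
One way to confirm on a Windows device that it is Microsoft Entra joined (rather than hybrid joined or only domain joined) and holds the token that SSO relies on, as an added example that is not part of this article: it parses the output of the built-in `dsregcmd /status` command. The function name `Get-EntraJoinState` and the sample output with placeholder IDs are constructed for illustration.

```powershell
# Added example: classify a Windows device's join state from `dsregcmd /status` text.
# Get-EntraJoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-EntraJoinState {
    param(
        # Lines of `dsregcmd /status` output; defaults to running the command locally.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )

    # Collect "Key : Value" pairs; section banners and blank lines do not match.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'

    if     ($aad -and $domain) { $state = 'Microsoft Entra hybrid joined' }
    elseif ($aad)              { $state = 'Microsoft Entra joined' }
    elseif ($domain)           { $state = 'On-premises domain joined only' }
    else                       { $state = 'Not joined' }

    [pscustomobject]@{
        JoinState  = $state
        TenantName = $fields['TenantName']
        DeviceId   = $fields['DeviceId']
        # AzureAdPrt = YES means a Primary Refresh Token is present, which SSO relies on.
        HasPrt     = $fields['AzureAdPrt'] -eq 'YES'
    }
}

# Constructed sample output (placeholder values) so the example runs on any machine.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                  DeviceId : 00000000-0000-0000-0000-000000000000
                TenantName : Contoso (placeholder)
                AzureAdPrt : YES
'@ -split "`r?`n"

Get-EntraJoinState -StatusText $sample
```

Calling `Get-EntraJoinState` with no arguments on a Windows device evaluates the live `dsregcmd /status` output instead of the sample.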

Scenarios

Microsoft Entra join can be used in various scenarios like:

You can configure Microsoft Entra join for all Windows 11 and Windows 10 devices except for Home editions.

The goal of Microsoft Entra joined devices is to simplify:

A diagram showing Microsoft Entra joined devices interacting with an on-premises domain.

Microsoft Entra join can be deployed by using any of the following methods:

