As we know, Windows 10 became available in August with a lot of benefits for our customers, and with it, several cloud changes came into question. In the near future, Microsoft Azure will assume a crucial role at most global organizations, and even the most skeptical IT decision makers will surrender to its benefits and feel excited about it.
Azure AD is the directory behind Office 365 and Intune subscriptions. So, if we want to manage Windows 10 devices (laptops, Surfaces, ...) through Azure AD, we have two options:
- Azure AD Join
- Workplace Join
These two options have distinct goals. Let's take a quick dive into them.
Let me start with Workplace Join. In short, it is a feature built natively for Windows 8.1 that allows users to access specific, identified corporate services and resources. It was improved for Windows 10, and allows employees who use their personal phone (or computer, or tablet, ...) to extend its functionality. Basically, it is a high-level trust mechanism established between organization and employee. The resource (phone, computer, tablet, ...) is represented in Azure AD and gives IT an assessment view and reporting but, as expected, offers only a few actions and limited control over it. It is built and designed directly for BYOD scenarios.
On the other hand, if your IT department is distributing provisioned Windows 10 devices to employees who will mainly access Office 365, web apps (deployed through the “My Apps” portal) and other cloud-based resources, Azure AD Join should be your choice. It provides several gains over the former, including Windows 10 login with Azure AD accounts/credentials and single sign-on for cloud-based (and on-premises) services and resources. In addition, it provides a crucial improvement: native Microsoft Intune enrollment during the join.
It’s impossible not to talk (or write, in this case) about Azure AD Domain Services, which was released recently by Microsoft and is currently in Preview. Domain Services is still a «baby» and, given that, will surely grow significantly in the coming weeks, which can carry some risk if you’re considering implementing it in the short term. Despite that, Domain Services provides the possibility of consuming local Group Policy Objects (GPOs) and deploying them via Azure AD, or of creating new ones (and deploying them, of course). The main goal will be achieved: managing all supported devices through the cloud just as you’re doing now on-premises. Additionally, Domain Services will integrate natively with current Azure tenants (could it be any other way?).
Let me share some in-depth sources about Azure AD Join and Azure AD Domain Services.
Enjoy Azure AD!
/ Fabio