Hands On
Depending on your circumstances, you may well have been looking forward to the day of signing in to Windows 10 using nothing more than an Office 365 login, via Azure Active Directory. But that day may not be upon us quite yet.
There are two aspects to Azure AD sign-in with Windows 10. One is for administrators, who get the ability to manage Windows 10 PCs in the manner of mobile devices, with the ability to enforce security policies.
It can be used alongside Windows Intune, a cloud management service which lets admins monitor the health of PCs, control updates and install applications.
The other aspect is for users who want single sign-on so that once logged into their PC, they do not have the hassle of constantly re-entering passwords.
Office 365 email, based on the Exchange server and the Outlook client, generally works well, but Microsoft’s cloud document offering, based on SharePoint Online, is more problematic.
It is confusingly named OneDrive for Business, which makes it sound similar to the consumer version of OneDrive even though it is different technology, and the OneDrive for Business synchronization client is error-prone, with annoying limitations on library size and path length.
Deeply nested folders do not work, because folder and file name combinations are limited to 250 characters.
Another persistent cause of confusion is Microsoft’s use of both organizational accounts (Azure AD) and Microsoft accounts for its cloud services. A Microsoft account (MSA) is a consumer account for OneDrive, Outlook.com, Windows Store and other cloud services.
In Windows 8, you can sign in with an MSA but not with an organisational account. Many users have the same email address for both, adding to the confusion.
Enabling Azure AD Join in the Azure portal
I tried signing in with Azure AD on a fresh install of Windows 10 build 10240, the latest build which is rumoured to be close to the release version. Note that before you do this, an Office 365 administrator has to enable “Users may Azure AD join devices” in the Azure AD management portal. The feature is still marked as preview. You also need at least the Pro edition of Windows 10.
Azure AD sign-in on Windows 10
The initial experience is promising. During Windows setup you get a screen that asks “Who owns this PC?”. If you select “My organisation” you can opt for either “Join Azure AD” or “Join a domain”. Next, you sign in to your Azure AD account and follow the prompts to create a PIN for quick sign-in.
Your identity is verified by a text code sent to your mobile (or there are other verification options). Finally, you have to agree to accept security policies enforced by your organization.
Once logged in, I opened Edge, navigated to Office 365, and was immediately greeted with my email inbox, no further sign-in required. In addition, the modern Mail and Calendar apps were already signed in. This is how it ought to work.