Joining multi-user Windows 10 workstation to Azure Active Directory

This article provides instructions on how to join Windows 10 work computer to University of Windsor Azure AD. This procedure only applies to workstations shared by two or more people (ie. shared PC). For instruction on how to join a single-user workstation, please see Related Articles section on the right.

Workstations that are shared by multiple users, should be joined to Azure AD using a provisioning package. This method eliminates the need to use Azure Admin account credentials.

NOTE: Only University-owned devices, and devices purchased with research grant money should be joined to Azure AD. Personal devices that are being used to access University systems and data (BYOD) should be registered with Azure AD

Prerequisites

1. Ensure that the local Administrator account is enabled with a correct password using lusrmgr.msc tool. Sign into Windows using the local Administrator account.

2. Ensure that Windows 10 Enterprise or Professional edition is running on the computer. If it is Home edition, switch it to Enterprise by changing product key.

3. If OES Client or Novell Client is installed on this computer, remove it prior to joining it to Azure AD.

4. If Sophos Endpoint Security is installed, remove it following instructions in this article: How to remove Sophos Endpoint Security and Control from a Windows 10 computer?

5. For each local user account:

  • Ensure that the latest version of OneDrive client is installed and running without any issues. Enable Auto-save option (aka known folders redirection) in OneDrive client settings. This will back up files stored on Windows Desktop as well as contents of Documents and Pictures folders onto client's OneDrive. If needed, backup other folders, such as Music, Videos, Downloads and other folders by copying them manually onto OneDrive.
  • Export user's browser bookmarks and store them on OneDrive. Note that some users have bookmarks in more than one browser.
  • Back up Outlook signature(s) onto OneDrive following instructions in the KB article: How to back up Outlook's signatures?

Retrieving the Provisioning Package

  1. Open an instance of Windows File Explorer and navigate to the Inunte file share located at \\uwdfs.uwinad.uwindsor.ca\Apps\Intune\Provisioning

  2. Copy the AzureADJoin_{ExpDate}.ppkg file to a USB stick.
    NOTE: Watch the expiry date on the package. The package will not work when the date has passed.

Joining to Azure AD

  1. Sign into Windows using the local Administrator account.
  2. Insert the USB stick containing provisioning package file copied from \\uwdfs.uwinad.uwindsor.ca\Apps\Intune\Provisioning
  3. Go to Windows Settings and navigate to Accounts > Access work or school
  4. Click on Add or remove a provisioning package link
  5. Click on Add a package
  6. Click on AzureADJoin_Exp2020-01-11.ppkg then click on Add
  7. Enter the password
  8. Confirm that you trust the package by clicking Yes, add it
  9. A message You're about to be signed out will be displayed; click OK. Computer will automatically reboot in one minute.

Note that this deployment package is designed to:

  • Join device to Azure AD
  • Change computer name to "UWINDSOR-{SerialNumber}" You will need to manually rename it to the proper name.
  • Enable local administrator account "uwinadmin" with a new password.

Windows Settings

Proceed to adjust the Windows 10 settings by following instructions in this KB article:

Additional Tasks

  • Retrieve a copy of {ComputerName} autopilot.csv file from C:\Users\Public\Downloads\ and upload it to \\uwdfs.uwinad.uwindsor.ca\Shares\ITS\Autopilot\CSV-New file share if you have access to it, or send it to autopilot@uwindsor.ca if you don't.
  • Launch Company Portal app and set device category. Install additional software as required.
  • Launch Windows Explorer and, if applicable, add DFS share(s) using "Add network location"
  • Add network printers.
  • Depending on the computer make, use either HP Assistant or Dell Command Update or Lenovo Vantage to check for and install all driver's updates. These tools get installed automatically by Intune during the "Setting your computer for work" step.

Details

Article ID: 82591
Created
Fri 7/5/19 4:28 PM
Modified
Mon 4/5/21 11:20 AM