WEBVTT 0:00:03.100000 --> 0:00:07.240000 In this video, we're going to take a look at the options we have in Azure 0:00:07.240000 --> 0:00:10.060000 AD for managing devices. 0:00:10.060000 --> 0:00:13.520000 The topics that we're going to cover, we're going to look at device integration 0:00:13.520000 --> 0:00:17.100000 into the Azure AD environment. 0:00:17.100000 --> 0:00:21.600000 We'll look at device registration, talk about the process of joining a 0:00:21.600000 --> 0:00:26.500000 device, we'll look at device management, and then finally, I'm going to 0:00:26.500000 --> 0:00:30.300000 go through and demonstrate device join. 0:00:30.300000 --> 0:00:31.940000 So let's go ahead and take a look. 0:00:31.940000 --> 0:00:40.640000 Now, when we talk about device integration, there's actually a few different 0:00:40.640000 --> 0:00:42.840000 options here for device integration. 0:00:42.840000 --> 0:00:45.100000 Just get that in real quick. 0:00:45.100000 --> 0:00:48.020000 Okay, you've got three basic options. 0:00:48.020000 --> 0:00:50.320000 The first is register devices. 0:00:50.320000 --> 0:00:55.320000 Then you have Azure AD joined devices, then you have hybrid AD joined 0:00:55.320000 --> 0:00:59.620000 devices. And I want to go through these and talk about the differences, 0:00:59.620000 --> 0:01:03.400000 what they're for, what the levels are, and what most importantly, you 0:01:03.400000 --> 0:01:04.520000 can do with these. 0:01:04.520000 --> 0:01:08.700000 So let's go ahead and get started looking at that. 0:01:08.700000 --> 0:01:12.300000 Okay, so the first one is registered devices. 0:01:12.300000 --> 0:01:13.520000 What do we have there? 0:01:13.520000 --> 0:01:17.640000 Okay, the purpose of this is for cloud applications, single sign-on. 0:01:17.640000 --> 0:01:22.960000 You can also implement conditional access with this, and with registered 0:01:22.960000 --> 0:01:28.160000 devices, you can use on-prem access to web application proxy. 0:01:28.160000 --> 0:01:33.320000 Okay, now this has the widest range of capabilities in terms of what's 0:01:33.320000 --> 0:01:37.460000 required. On the Windows side, you have Windows 10, but also notice I 0:01:37.460000 --> 0:01:40.900000 can do this iOS, Android, and Mac OS. 0:01:40.900000 --> 0:01:43.060000 Okay, now really, okay, what does all this mean? 0:01:43.060000 --> 0:01:48.040000 The primary purpose of this is cloud application SSO. 0:01:48.040000 --> 0:01:53.000000 This is, if you will, kind of the lowest level of integration. 0:01:53.000000 --> 0:01:56.220000 Easiest to do, widest range, right? 0:01:56.220000 --> 0:01:58.680000 And, you know, kind of it does what it does. 0:01:58.680000 --> 0:02:02.240000 Now the next step up, and this can be a little bit confusing, the difference 0:02:02.240000 --> 0:02:06.360000 between devices that are registered versus devices that are joined. 0:02:06.360000 --> 0:02:09.820000 Okay, just think of joined as that next level up. 0:02:09.820000 --> 0:02:11.760000 Okay, and so what can you do with join? 0:02:11.760000 --> 0:02:15.780000 First of all, you have key storage using cloud bit locker. 0:02:15.780000 --> 0:02:18.820000 Okay, so that's pretty important. 0:02:18.820000 --> 0:02:24.920000 You've got Microsoft Passport sign-in, you've got phone and PIN sign-in. 0:02:24.920000 --> 0:02:29.040000 Okay, so you're looking at a lot more sign-in options. 0:02:29.040000 --> 0:02:32.480000 You have enterprise state roaming, so if you've got data that you've got 0:02:32.480000 --> 0:02:36.100000 user settings, that kind of thing, you can actually set that up to be 0:02:36.100000 --> 0:02:38.800000 stored in the cloud and roam with your devices. 0:02:38.800000 --> 0:02:44.140000 This is actually the enterprise version of what you have if you're using 0:02:44.140000 --> 0:02:45.100000 a Microsoft account. 0:02:45.100000 --> 0:02:48.940000 Like I log into my Windows 10 device with my Microsoft account, and I've 0:02:48.940000 --> 0:02:52.760000 got the same basic settings across several different Windows 10 devices 0:02:52.760000 --> 0:02:56.920000 that I have. This would be the same thing, but rather than a, say, Outlook 0:02:56.920000 --> 0:03:01.440000 .com account, this could be your actual corporate account, like my i&e 0:03:01.440000 --> 0:03:05.340000 .com account. Okay, and so that's joined devices. 0:03:05.340000 --> 0:03:08.200000 Now, join devices only work with Windows 10. 0:03:08.200000 --> 0:03:11.220000 There's a number of other things you have with joined devices. 0:03:11.220000 --> 0:03:15.580000 For example, with joined devices, I can push additional administrators 0:03:15.580000 --> 0:03:20.060000 onto a device that has been joined. 0:03:20.060000 --> 0:03:23.740000 So again, and by the way, join does everything the register does, so all 0:03:23.740000 --> 0:03:27.400000 those things under registered apply to join devices as well. 0:03:27.400000 --> 0:03:29.640000 Just join devices give you more. 0:03:29.640000 --> 0:03:32.540000 Now, hybrid Active Directory joined. 0:03:32.540000 --> 0:03:37.740000 These are your devices that are already joined to your on-prem environment, 0:03:37.740000 --> 0:03:43.260000 and you have a hybrid authentication schema set up between your on-prem 0:03:43.260000 --> 0:03:45.220000 environment and Azure AD. 0:03:45.220000 --> 0:03:47.540000 These are going to be things like your notebook computer. 0:03:47.540000 --> 0:03:51.000000 So you're running, you're on your network, you have your notebook computer 0:03:51.000000 --> 0:03:54.100000 docked when you're at work. 0:03:54.100000 --> 0:03:58.740000 And then when you go home, if you've got to have hybrid Azure AD joined 0:03:58.740000 --> 0:04:03.420000 devices, then those devices can be used to access your cloud apps even 0:04:03.420000 --> 0:04:06.300000 when you're not on the local network. 0:04:06.300000 --> 0:04:10.740000 Okay, so it's also it's extending on -prem device management to Azure AD. 0:04:10.740000 --> 0:04:15.140000 You've got single sign-on, you've got enterprise state roaming, and this 0:04:15.140000 --> 0:04:20.640000 works actually with Windows 7 and above, although Windows 7 is, I guess, 0:04:20.640000 --> 0:04:25.220000 currently out of support by Microsoft, but that's still the technical 0:04:25.220000 --> 0:04:31.080000 definition. Now, one thing to be aware of, notice these little notes here, 0:04:31.080000 --> 0:04:36.220000 conditional access up here, that requires Azure AD premium, your on-prem 0:04:36.220000 --> 0:04:42.360000 access via web application proxy, that requires Azure AD basic. 0:04:42.360000 --> 0:04:45.320000 And by the way, web application proxy just means I've got, let's say, 0:04:45.320000 --> 0:04:49.820000 an on-prem, it could be an on-prem SharePoint, and I want to be able to 0:04:49.820000 --> 0:04:54.520000 access that when I'm not on-premises, I can set up this web application 0:04:54.520000 --> 0:04:57.700000 proxy. Outside the scope of what we're going to cover right here, but 0:04:57.700000 --> 0:05:00.480000 that's, you know, I hate showing you things that I'm not actually going 0:05:00.480000 --> 0:05:01.740000 to tell you about. 0:05:01.740000 --> 0:05:05.360000 And then, sorry for jumping around a little bit, but this third one here, 0:05:05.360000 --> 0:05:10.660000 here and here, right, not all features are available to down level Windows 0:05:10.660000 --> 0:05:15.680000 versions. Yes, for a hybrid AD joined, you can certainly hybrid AD joined 0:05:15.680000 --> 0:05:18.320000 a Windows 8.1 machine. 0:05:18.320000 --> 0:05:21.020000 However, you're not going to get every bit of functionality that you would 0:05:21.020000 --> 0:05:22.460000 with the Windows 10. 0:05:22.460000 --> 0:05:27.940000 All right, so that is the concept of device integration. 0:05:27.940000 --> 0:05:34.320000 Now, let's take a look at how this works starting with device registration. 0:05:34.320000 --> 0:05:39.860000 Okay, so with device registration, I've got a device, and I've got a user 0:05:39.860000 --> 0:05:41.660000 that is associated with the device. 0:05:41.660000 --> 0:05:44.240000 That's what we have over here, right? 0:05:44.240000 --> 0:05:46.780000 So here's some Windows 10 device. 0:05:46.780000 --> 0:05:51.120000 Here's a user account that is associated with that device. 0:05:51.120000 --> 0:05:57.660000 On the other side, I've got Azure AD, and I've got a user account in Azure 0:05:57.660000 --> 0:06:04.620000 AD, and that user account in Azure AD has access to some cloud application. 0:06:04.620000 --> 0:06:07.280000 It could be Office 365, for example. 0:06:07.280000 --> 0:06:11.420000 And what I want to do is I want to integrate those. 0:06:11.420000 --> 0:06:19.020000 So I associate my cloud user with my device user. 0:06:19.020000 --> 0:06:22.580000 So I'm still going to log in to the device as my device user. 0:06:22.580000 --> 0:06:28.660000 Now, when I do this, I get a device registration associated with the cloud 0:06:28.660000 --> 0:06:33.540000 user. So the cloud user becomes associated with my local device user, 0:06:33.540000 --> 0:06:37.920000 and the device itself becomes associated with the cloud user. 0:06:37.920000 --> 0:06:44.880000 And then once I have that, when I'm on the device, I can go to that cloud 0:06:44.880000 --> 0:06:49.460000 application, and it's going to be authenticated using that cloud user 0:06:49.460000 --> 0:06:51.560000 account, using that Azure AD user account, right? 0:06:51.560000 --> 0:06:56.380000 So I'm just kind of registering the account over on the device, and registering 0:06:56.380000 --> 0:07:00.340000 the device in the Azure AD. 0:07:00.340000 --> 0:07:04.420000 So now let's take a look at device join. 0:07:04.420000 --> 0:07:10.460000 So with device join, I've got kind of the same initial setup, right? 0:07:10.460000 --> 0:07:14.340000 I've got a device, I've got a local administrative user on the device, 0:07:14.340000 --> 0:07:20.200000 I've got Azure AD, I've got a cloud user, and I've got a cloud application. 0:07:20.200000 --> 0:07:22.100000 So what do I do? 0:07:22.100000 --> 0:07:30.140000 Well, key difference when I join is that rather than associating the cloud 0:07:30.140000 --> 0:07:34.620000 account with the local account, I'm actually adding the cloud account 0:07:34.620000 --> 0:07:37.000000 itself to the device. 0:07:37.000000 --> 0:07:42.680000 So now I can log into the device as the cloud account, right? 0:07:42.680000 --> 0:07:45.760000 Whereas with registration, I'm still logging in as the local account, 0:07:45.760000 --> 0:07:49.140000 as whatever's been set up in my case, it would be typically in my Microsoft 0:07:49.140000 --> 0:07:52.400000 account that I use to log into my Windows 10 devices. 0:07:52.400000 --> 0:07:58.360000 But if I join the device, then I'm going to be able to log in as that 0:07:58.360000 --> 0:08:01.780000 cloud account, okay? 0:08:01.780000 --> 0:08:07.740000 And at that point, that device is solidly tied to that cloud account. 0:08:07.740000 --> 0:08:13.880000 I don't really, for the purpose of how I'm going to use the device, I'm 0:08:13.880000 --> 0:08:17.240000 really bypassing that local account now, right? 0:08:17.240000 --> 0:08:21.980000 And so in bypassing that local account, I've got my user going directly 0:08:21.980000 --> 0:08:23.700000 against the web app, right? 0:08:23.700000 --> 0:08:27.660000 And that's a subtle difference, but in addition to this, which I think 0:08:27.660000 --> 0:08:29.780000 this is what explains it to me. 0:08:29.780000 --> 0:08:31.600000 Hopefully that works for you as well. 0:08:31.600000 --> 0:08:36.600000 There's these other features, of course, when you join as opposed to registering, 0:08:36.600000 --> 0:08:41.340000 but from the standpoint of how things actually work, this is how things 0:08:41.340000 --> 0:08:45.600000 actually work. Now, let's go ahead and take a look at the last option, 0:08:45.600000 --> 0:08:48.460000 which is the hybrid join. 0:08:48.460000 --> 0:08:54.580000 Okay, so with the hybrid join, I have this on-prem environment. 0:08:54.580000 --> 0:09:01.480000 Okay, and so over here is my on-prem environment, we'll just say OP, and 0:09:01.480000 --> 0:09:06.020000 in my on-prem environment, I've got a domain controller that's running 0:09:06.020000 --> 0:09:09.700000 active directory domain. 0:09:09.700000 --> 0:09:15.360000 I've got my user account that's in the active directory domain, and I've 0:09:15.360000 --> 0:09:18.740000 got a device. Again, you can think of this as a notebook computer, right? 0:09:18.740000 --> 0:09:23.360000 So I've got my Windows 10 notebook computer, and I open it up and I log 0:09:23.360000 --> 0:09:28.280000 in, I'm logging into my domain account when I'm in the network environment. 0:09:28.280000 --> 0:09:34.080000 But what I want to do is I want to take this over and get this information 0:09:34.080000 --> 0:09:37.420000 over into Azure AD. 0:09:37.420000 --> 0:09:42.640000 And so what I do is I set up a synchronization so that both the user account 0:09:42.640000 --> 0:09:49.340000 and the device are actually synchronized from on-premises into Azure AD. 0:09:49.340000 --> 0:09:54.540000 And then when I'm mobile and I've got that device and it's the exact same 0:09:54.540000 --> 0:10:00.140000 user, that user is just going into the cloud application. 0:10:00.140000 --> 0:10:03.720000 From a user perspective, this is probably the simplest model because you're 0:10:03.720000 --> 0:10:08.900000 always logging in as the same person, whether you're on-premises or you're 0:10:08.900000 --> 0:10:13.180000 in the cloud. You're not having to register, this would typically be done 0:10:13.180000 --> 0:10:16.800000 by, frankly, the IT department. 0:10:16.800000 --> 0:10:21.240000 You get your machine, they give you your domain login, your local login, 0:10:21.240000 --> 0:10:22.740000 and that's just what you keep logging in. 0:10:22.740000 --> 0:10:26.820000 And you can just get right into Office 365 or Salesforce or whatever cloud 0:10:26.820000 --> 0:10:32.200000 app you have registered with Azure AD using the same account, the same 0:10:32.200000 --> 0:10:35.160000 device that you have on-premises. 0:10:35.160000 --> 0:10:40.920000 And so that's hybrid join as opposed to device registration or device 0:10:40.920000 --> 0:10:47.480000 join. Now I want to take a moment to talk about device management. 0:10:47.480000 --> 0:10:52.780000 So what are some of the things that you can do in terms of managing devices? 0:10:52.780000 --> 0:10:56.160000 First of all, you can control join access. 0:10:56.160000 --> 0:10:59.100000 You have control over who can join devices. 0:10:59.100000 --> 0:11:03.280000 You can set up so that everybody can join devices or you could have specific 0:11:03.280000 --> 0:11:06.960000 groups that you allow join devices or just admins. 0:11:06.960000 --> 0:11:11.800000 You can also, with joined devices, and this is one of those advantages 0:11:11.800000 --> 0:11:17.460000 of joined over registered, you can actually add local admins to join devices. 0:11:17.460000 --> 0:11:23.060000 So if somebody's joining their, let's say, Surface Pro and they're joining 0:11:23.060000 --> 0:11:27.680000 it to your work Azure AD, you may want to add in and, you know, one of 0:11:27.680000 --> 0:11:28.920000 your IT admin accounts. 0:11:28.920000 --> 0:11:32.180000 As a local administrator on that machine and you can do that. 0:11:32.180000 --> 0:11:36.200000 You can also allow device registration or not. 0:11:36.200000 --> 0:11:42.560000 You can require multi-factor authentication to join devices and provided 0:11:42.560000 --> 0:11:47.620000 that you've got the right tier of Azure AD, you can implement enterprise 0:11:47.620000 --> 0:11:52.480000 state roaming. Which again is really just a user setting are going to 0:11:52.480000 --> 0:11:55.940000 be stored in the cloud so that when they go on different devices, the 0:11:55.940000 --> 0:11:58.800000 user is getting the same settings. 0:11:58.800000 --> 0:12:04.980000 You can also integrate the device management with a variety of management 0:12:04.980000 --> 0:12:10.420000 tools. For example, if you want mobile device management, Microsoft Intune, 0:12:10.420000 --> 0:12:15.300000 not surprisingly, it's Microsoft Intune, is deeply integrated into Azure 0:12:15.300000 --> 0:12:17.060000 AD device management. 0:12:17.060000 --> 0:12:23.000000 For example, I can use policies within Microsoft Intune to control conditional 0:12:23.000000 --> 0:12:26.680000 access. So I can set up a conditional access rule that would say, for 0:12:26.680000 --> 0:12:34.080000 example, you can only use an approved device that has been marked as compliant 0:12:34.080000 --> 0:12:38.700000 by Microsoft Intune if you're trying to get to Office 365. 0:12:38.700000 --> 0:12:40.140000 That's just one example. 0:12:40.140000 --> 0:12:45.300000 You can also for hybrid joint, your devices are going to be subject to 0:12:45.300000 --> 0:12:50.680000 group policy. Now, that's not really an Azure device management concept. 0:12:50.680000 --> 0:12:53.020000 That's just what happens anyways. 0:12:53.020000 --> 0:12:56.540000 If you've got local devices, the idea being of course that because they 0:12:56.540000 --> 0:13:03.960000 are under group policy, that's going to apply while you are mobile and 0:13:03.960000 --> 0:13:08.300000 accessing your registered cloud applications with that account on that 0:13:08.300000 --> 0:13:12.960000 device. And then you also have mobile application management tools, so 0:13:12.960000 --> 0:13:17.760000 all kinds of third party tools for managing mobile applications as well. 0:13:17.760000 --> 0:13:21.180000 They also have mobile device management tools that will integrate with 0:13:21.180000 --> 0:13:25.120000 Azure AD, but are outside the scope of this course. 0:13:25.120000 --> 0:13:31.360000 So a lot of ways to manage devices through Azure AD. 0:13:31.360000 --> 0:13:35.680000 Now with that, let's go ahead and take a look at a demonstration. 0:13:35.680000 --> 0:13:42.060000 In this demonstration, I am going to join a device to an Azure AD tenant. 0:13:42.060000 --> 0:13:45.720000 I have an Azure AD tenant that I use for demonstrations and I'm going 0:13:45.720000 --> 0:13:47.840000 to join my device to that tenant. 0:13:47.840000 --> 0:13:52.240000 Then I'm going to go in and we'll show you the experience, the login experience. 0:13:52.240000 --> 0:13:57.740000 Then I'm going to go into Azure AD and take a look at that registration 0:13:57.740000 --> 0:14:02.220000 and take a look at some of the settings related to managing devices as 0:14:02.220000 --> 0:14:04.620000 well. So it's more than just a join. 0:14:04.620000 --> 0:14:09.560000 Let's go ahead and let's get started into that. 0:14:09.560000 --> 0:14:13.700000 Okay, so I've got a Windows 10 device here. 0:14:13.700000 --> 0:14:19.060000 This is actually running as a virtual machine on my notebook, but that 0:14:19.060000 --> 0:14:20.020000 really doesn't matter. 0:14:20.020000 --> 0:14:22.220000 It's a Windows 10 device. 0:14:22.220000 --> 0:14:26.760000 And I'm currently logged in as a local user on this device with administrative 0:14:26.760000 --> 0:14:32.360000 privileges. And so what I'm going to do is go ahead and change this. 0:14:32.360000 --> 0:14:37.180000 I'm going to go ahead and join this device. 0:14:37.180000 --> 0:14:41.620000 Now to do that, and I'm going to tell you that the way that you do this, 0:14:41.620000 --> 0:14:44.140000 if you've got your own Windows 10 device, maybe a little bit different 0:14:44.140000 --> 0:14:48.280000 because Microsoft changes this pretty much every time they come out with 0:14:48.280000 --> 0:14:53.860000 a new major push of Windows 10. 0:14:53.860000 --> 0:14:58.680000 But right now what I'm going to do is go to Access, Work, or School. 0:14:58.680000 --> 0:15:02.220000 I'm going to click on that and I'm going to connect. 0:15:02.220000 --> 0:15:07.420000 Now this is actually better than it used to be because it used to be that, 0:15:07.420000 --> 0:15:09.940000 I'm going to just pop up here for a second. 0:15:09.940000 --> 0:15:13.940000 What's now under Emails and Account, I could add a Work or School account 0:15:13.940000 --> 0:15:17.520000 and that would actually be a registration. 0:15:17.520000 --> 0:15:22.820000 And of course, fortunately for us, the nomenclature that's used in the 0:15:22.820000 --> 0:15:26.540000 OS is nothing like the nomenclature that's used for us in Azure. 0:15:26.540000 --> 0:15:31.080000 But here we go, Access, Work or School, Connect, which is really going 0:15:31.080000 --> 0:15:35.900000 to join. And it's going to come up and it's going to say, what is the 0:15:35.900000 --> 0:15:38.220000 account that you want here? 0:15:38.220000 --> 0:15:42.080000 Now, there we go, this is actually what I want to do right here. 0:15:42.080000 --> 0:15:45.740000 Join this device to Azure Active Directory. 0:15:45.740000 --> 0:15:49.620000 So even here, if I just put in my email address, that's actually going 0:15:49.620000 --> 0:15:55.460000 to register. So I come down here to join this device to Azure Active Directory. 0:15:55.460000 --> 0:16:02.240000 And we're going to go and I'll join it to my account. 0:16:02.240000 --> 0:16:18.820000 And hopefully I will remember my password. 0:16:18.820000 --> 0:16:20.520000 And there we go. 0:16:20.520000 --> 0:16:23.460000 Make sure this is your organization. 0:16:23.460000 --> 0:16:29.260000 So we're putting there, I'm in there, that's good, I'm going to join. 0:16:29.260000 --> 0:16:32.060000 And now it is setting up this device. 0:16:32.060000 --> 0:16:34.960000 So I'm going to pause here and this shouldn't take too long. 0:16:34.960000 --> 0:16:37.440000 And there we go, I didn't even have to pause. 0:16:37.440000 --> 0:16:43.460000 This device is connected to the I-need-demo tenant, outstanding. 0:16:43.460000 --> 0:16:45.920000 And so I can see that. 0:16:45.920000 --> 0:17:00.320000 And so now, if I go and sign out. 0:17:00.320000 --> 0:17:05.300000 So I'm signing out of my local account. 0:17:05.300000 --> 0:17:13.300000 And it's going to make me reboot this to pick that up. 0:17:13.300000 --> 0:17:15.440000 So I'm going to go and restart this. 0:17:15.440000 --> 0:17:18.400000 That's going to take a moment when it comes back. 0:17:18.400000 --> 0:17:24.340000 I will log in using my Azure AD account. 0:17:24.340000 --> 0:17:33.260000 All right, so it has rebooted and here's the really key thing. 0:17:33.260000 --> 0:17:36.460000 So I've got local demo, that's who I'm currently you log in as. 0:17:36.460000 --> 0:17:40.740000 Now, initially before I rebooted, it was local demo or admin. 0:17:40.740000 --> 0:17:43.600000 Now it's local demo or other user. 0:17:43.600000 --> 0:17:47.680000 And so now I'm going to go in as another user and here I'm going to put 0:17:47.680000 --> 0:17:59.460000 in that. You also at I-need -demo.on-mark-self.com. 0:17:59.460000 --> 0:18:10.680000 My password. Notice it picks up my name. 0:18:10.680000 --> 0:18:19.640000 So it's got profile information that's pulled in from Azure AD and it's 0:18:19.640000 --> 0:18:24.040000 logging in. Now, while that's logging in, so we're not waiting for that 0:18:24.040000 --> 0:18:32.560000 to log in, I'm going to actually pull up my Azure dashboard and I'm currently 0:18:32.560000 --> 0:18:35.080000 connected to the I -need-demo tenant. 0:18:35.080000 --> 0:18:40.580000 And what I'm going to do is come down to Azure Active Directory. 0:18:40.580000 --> 0:18:45.580000 And the first thing I'm going to do is go to users. 0:18:45.580000 --> 0:18:53.140000 And under users, I've got the user that I just joined the device with. 0:18:53.140000 --> 0:18:56.900000 And I should see the device here. 0:18:56.900000 --> 0:19:00.180000 There we go. There is my incredibly well named device. 0:19:00.180000 --> 0:19:02.240000 Probably should at some point rename that. 0:19:02.240000 --> 0:19:06.040000 But I can see when it was registered, I can see the activity. 0:19:06.040000 --> 0:19:10.920000 I can see that this is Azure AD joined as opposed to registered. 0:19:10.920000 --> 0:19:13.720000 And more information on it. 0:19:13.720000 --> 0:19:20.480000 And I can actually go to the device and get more information on the device. 0:19:20.480000 --> 0:19:24.180000 Now, I can't manage the device right now because I don't have anything 0:19:24.180000 --> 0:19:26.640000 like Intune connected. 0:19:26.640000 --> 0:19:31.900000 I could disable the device so that you couldn't log in as a account or 0:19:31.900000 --> 0:19:34.020000 I could delete the device. 0:19:34.020000 --> 0:19:35.520000 So pretty simple. 0:19:35.520000 --> 0:19:45.620000 Now, if I go back to the actual I-need -demo tenant and if I go to devices, 0:19:45.620000 --> 0:19:47.820000 there's that same device. 0:19:47.820000 --> 0:19:51.000000 And so now it's of course just kind of running from the device rather 0:19:51.000000 --> 0:19:52.880000 than the owner presenting from that. 0:19:52.880000 --> 0:19:58.200000 And if I go to device settings, here's what I have. 0:19:58.200000 --> 0:20:03.680000 First of all, I've got users may join devices to Azure AD. 0:20:03.680000 --> 0:20:08.300000 I can either have everyone or I could have selected based on users or 0:20:08.300000 --> 0:20:10.820000 most likely groups. 0:20:10.820000 --> 0:20:22.660000 I've got users may register their devices, so that's either all or none. 0:20:22.660000 --> 0:20:25.080000 That can be registered per user. 0:20:25.080000 --> 0:20:27.320000 50 devices for users a lot. 0:20:27.320000 --> 0:20:29.600000 Hopefully won't need to do more than that. 0:20:29.600000 --> 0:20:30.700000 But there we go. 0:20:30.700000 --> 0:20:32.880000 That's really the device joined. 0:20:32.880000 --> 0:20:41.600000 And the only thing kind of tricky is getting your users to actually go 0:20:41.600000 --> 0:20:42.340000 through the process. 0:20:42.340000 --> 0:20:45.740000 You can of course also bulk join. 0:20:45.740000 --> 0:20:53.140000 And there's other techniques you can join when a machine is first, when 0:20:53.140000 --> 0:20:56.340000 you first purchase it and you first do the initial setup. 0:20:56.340000 --> 0:20:58.460000 Also keep in mind, hybrid join. 0:20:58.460000 --> 0:21:01.600000 Hybrid join is going to give you the ability to have your devices joined 0:21:01.600000 --> 0:21:05.480000 in and associated with accounts automatically. 0:21:05.480000 --> 0:21:09.920000 But that is the device management and device join.