They are nearly the same thing, except that in addition to receiving an identity in Azure that can be disabled/deleted, joining also changes the local state of the device, such that it is possible to sign-in to the device using Azure AD credentials. Joining is just an extension of registering the device. With this setup, Exchange ActiveSync clients would also show up in your inventory. However, if stronger security is your goal, you could configure a Conditional Access policy (via Enterprise Mobility + Security) to require devices to establish a stronger connection to Azure AD and enroll with Intune, before granting them access to resources such as Exchange Online or SharePoint Online, for instance. NOTE: Exchange ActiveSync devices will not show up in your Azure AD device inventory by default–so those devices would need to be managed via Exchange Admin Center or PowerShell via Exchange Online. Know that it is also possible to have the device registered, and enrolled in MDM, but in this case the device is not enrolled for MDM. Additionally, there is no MDM enrollment for this device, and no BitLocker keys. Notice in the screenshot above that the device Join Type is listed as Azure AD registered, and our available controls for this device are just Disable and Delete.
REGISTER WINDOWS 10 WITH MICROSOFT INTUNE KEYGEN
And if you care about security at all, then you should regularly prune inactive devices as a best practice. We do however have the ability to report on these devices for inventory purposes, and to Disable or Delete the devices from Azure AD. Registering is meant for “BYOD” scenarios and does not give admins much control over the devices themselves. This join type can apply to any device–Windows, macOS or mobile devices such as iOS or Android. This is a weak association (but an association nonetheless), and basically it just means that the device exists, and is accessing Azure AD-based resources (such as Office 365).
But fear not–it will all make sense shortly. On top of that, there may be some managed by Intune MDM, and others which aren’t. You will see some devices listed as Azure AD registered, while other say Azure AD joined or even Hybrid Azure AD joined. First, take a look at all the different types in the Azure AD portal, under Devices > All devices. I will describe them all here in order from weakest to greatest level of association/control. I think that one major point of confusion for people is understanding the difference between various device states–for example, what is the difference between a device which is merely registered with Azure AD, versus one that is actually Azure AD joined? And what about Hybrid Azure AD joined? Device management is not a straightforward thing in Azure AD.
0 kommentar(er)
