So you may or may not be aware of a new feature coming to Windows 10. Azure AD domain join. This is an exciting new capability that may truly start to bring Cloud only or BYOD users into the management fold.
I recently gave this feature a quick trial run with Windows 10 Insider Preview build (10162). After doing a clean install, I was greeted with a screen with an option to join Azure AD. As you might have guessed, I selected that option. After entering my Azure AD credentials (synced from on prem AD if you were wondering) the setup continued through to completion.
Here are my first impressions:
The good
The Single Sign On (SS0) for Cloud resources (Office 365, Azure management Portal, etc) is way cool! For example, no need to login to webmail, just open the link and you’re in.
The (soon to be released?) capability to also enroll in Microsoft Intune during Azure AD join is very exciting indeed, especially when you couple that with provisioning packages.
The not so good
Now on to a feature (or lack thereof) that ultimately had me disappointed. Remote Desktop. To be fair this may not be something that a typical Cloud or BYOD user might do but I use RDP for example all the time in my home office. I use a laptop upstairs to connect to my machine downstairs. Without batting an eye, I fired up my (Windows 10) laptop and attempted to remote into my new Azure AD joined machine.
I was greeted with a login prompt where I assumed I could just enter my cloud credentials and go. No such luck. I tried using domain\username, username@domain.com, nothing worked. I decided maybe I should look at the System Properties>Remote Desktop where I confirmed it was set to allow Remote Desktop connection. When I clicked Select Users I was surprised to see:
User AzureAd\FirstNameLastName already has access.
In my case this was AzureAD\WilliamBracken. This username does not coincide with my actual Azure AD credentials.
Ah so that’s the issue then! I need to enter those credentials when RDP’ing into the machine. WRONG. No matter what I tried, none of these credentials would ever allow me to connect via RDP.
I decided to create a new local admin account just to verify RDP did indeed work. I was immediately able to RDP using the local admin account. At one point I left the RDP session open for a while and when I came back it was at a lock screen where surprisingly my Azure AD account was an option to select. Of course I selected it and logged in as that user and successfully accessed my desktop.
Next I logged off and then reconnected again using the local admin account with the express intention of locking the screen and seeing if I could reproduce the option to select my other user. Sadly when I forcefully locked the screen my Azure AD account was not available to select.
Conclusion:
I can see massive potential for Azure AD join. The future is exciting indeed. I am not sure if the RDP issue is by design, if its a pre-release missing feature, or simply a bug.
What I do know however is that native SSO is an awesome feature can cant wait for RTM to really start putting Windows 10 through its Cloud loving paces.