In my last post I explained how to join a Windows 10 device to Azure AD. Now it’s time to check how we can enforce organizational policies on it. Before that, let me log off from my standard user account and come back to the logon prompt.

You can see that my organizational account is displayed on the logon screen. After I have logged in, it will take some time to set up the apps and will test your patience (lol, kidding). Notice that during this time you will be prompted to accept the security policies enforced by your Azure AD tenant. Click the Enforce these policies button to accept.

Now, to test the functionality once logged in, I’m going to launch the default Mail application. Voilà! My Office 365 e-mail account is already configured there.

Since my Office 365 Azure AD tenant has been on-boarded to my Azure account, I can actually inspect the devices that I have enrolled. For that I’m going to view the properties of that particular user.

Okay, well, where are those security policies I talked about? By default, when you enroll a Windows 10 device, policies such as password expiration will be provided by Azure AD. But if you need more granular control like device sweep, selective wipe, full wipe, you’ll have to integrate Microsoft Intune with it. My Office 365 E3 tenant already has MDM capability enabled with Intune. Therefore I can modify policies as I want from the Office 365 Admin center.

Although it may seem a long shot, Microsoft’s ultimate goal is to enable mobility for all users. I think this will be a huge leap assisting that vision.