はじめに
Microsoft Entra Join を実施する前と、した後で デバイス や クラウドの管理画面 での表示が どう変わるのかについて、情報をまとめました。
Microsoft Entra Join については、以下の記事で説明していますので、参照してください。
(Microsoft Entra Join について)
https://qiita.com/carol0226/items/8c2bbc0f480913eaeed4
(Microsoft Entra Join の手順 - Win10)
https://qiita.com/carol0226/items/eba166a0a4b2e7df3a92
(Microsoft Entra Join の手順 - Win11)
https://qiita.com/carol0226/items/74efd0c2cce7fc42e110
1. Azure Portal の 表示
テナント内で、"参加済み" となっているデバイスの一覧を確認できます。
(確認方法)
- Azure Portal に サインインする
- "Microsoft Entra ID" の 機能を開く
- テナントの概要ページで「デバイス」を選択する
- デバイスの概要ページで「すべてのデバイス」を選択する
Before
デバイスはありません。
After
Win10 と Win11 という 2台 の デバイス が "参加済み" の状態
2. デバイス の "参加済み" 状態 (GUI)
(確認方法)
- デバイス に サインインする
- 「スタートボタン」を右クリックして、「設定」を開く
- 設定アプリ上 から「アカウント」を開く
- アカウントの画面から「職場または学校へのアクセス」を開く
Windows 10
Before
"参加" 前の状態です。
After 1
"参加済み" になった直後(再起動の前)
After 2
"参加済み" になり、デバイスを再起動して テナントユーザーで サインイン を実施
Windows 11
Before
"参加" 前の状態です。
After 1
"参加済み" になった直後(再起動の前)
After 2
"参加済み" になり、デバイスを再起動して テナントユーザーで サインイン を実施
3. デバイス の "参加済み" 状態:dsregcmd コマンド
(確認方法)
- デバイス に サインインする
- コマンドプロンプトを開く
- "dsregcmd /status" を実行する
結果一覧
| 章 | 項目 | Before | After 1 | After 2 |
|---|---|---|---|---|
| Device State | AzureAdJoined EnterpriseJoined DomainJoined |
NO NO NO |
YES NO NO |
YES NO NO |
| Device Details | - | 章が追加 | ||
| Tenant Details | - | 章が追加 | ||
| User State | NgcSet WorkplaceJoined WamDefaultSet |
NO NO NO |
NO NO NO |
NO NO YES |
| SSO State | AzureAdPrt AzureAdPrtA~ EnterprisePrt EnterprisePrt~ OnPremTgt CloudTgt KerbTopLeve~ |
NO NO NO NO 無い 無い 無い |
NO 空欄 NO 空欄 無い 無い 無い |
YES URL情報 NO 空欄 NO YES 値が表示 |
| Diagnostic Data | AadRecovery~ Executing Ac~ KeySignTest DisplayNam~ OsVersionUp~ HostNameU~ Last HostNa~ |
NO アカウント PASSED YES YES YES NONE |
NO アカウント PASSED YES YES YES NONE |
|
| IE Proxy Config for Current User |
Auto Detect~ Auto-Con URL Proxy Server~ Proxy Bypass~ |
YES |
YES |
YES |
| WinHttp Default Proxy Config |
Access Type | DIRECT | DIRECT | DIRECT |
| Ngc Prerequisite Check |
IsDeviceJoined IsUserAzureAD PolicyEnabled PostLogonE~ DeviceEligible SessionIsNot~ CertEnrollment PreReqResult |
NO NO NO YES NO NO none WillNot~ |
YES NO NO YES NO NO none WillNot~ |
YES YES YES YES NO NO none WillNot~ |
結果詳細
Before
"参加" 前 の状態です。
"Device State" の "AzureAdJoined" の 値 が "NO" になっています。
PS C:\Users\nogushu> dsregcmd /status
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : NO
Device Name : Win10
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : NO
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : NO
SessionIsNotRemote : NO
CertEnrollment : none
PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors
After1
"参加済み" になった直後(再起動の前)
"Device State" の "AzureAdJoined" の 値 が "YES" に変わりました。
そのほかに "Device Details" と "Tenant Details" が追加されました。
PS C:\Users\nogushu> dsregcmd /status
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : NO
Device Name : Win10
+----------------------------------------------------------------------+
| Device Details |
+----------------------------------------------------------------------+
DeviceId : eadd81ba-xxxx-xxxx-xxxx-62axxxxefe15
Thumbprint : ACCB4EXXXXXXXXXXA72F6ADXXXXXXXXXX208AE10
DeviceCertificateValidity : [ 2023-11-25 01:13:55.000 UTC -- 2033-11-25 01:43:55.000 UTC ]
KeyContainerId : 069d9016-xxxx-xxxx-xxxx-1aee4475fb04
KeyProvider : Microsoft Software Key Storage Provider
TpmProtected : NO
DeviceAuthStatus : SUCCESS
+----------------------------------------------------------------------+
| Tenant Details |
+----------------------------------------------------------------------+
TenantName :
TenantId : 010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65
Idp : login.windows.net
AuthCodeUrl : https://login.microsoftonline.com/010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65/oauth2/authorize
AccessTokenUrl : https://login.microsoftonline.com/010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65/oauth2/token
MdmUrl :
MdmTouUrl :
MdmComplianceUrl :
SettingsUrl :
JoinSrvVersion : 2.0
JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/
JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net
KeySrvVersion : 1.0
KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/
KeySrvId : urn:ms-drs:enterpriseregistration.windows.net
WebAuthNSrvVersion : 1.0
WebAuthNSrvUrl : https://enterpriseregistration.windows.net/webauthn/010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65/
WebAuthNSrvId : urn:ms-drs:enterpriseregistration.windows.net
DeviceManagementSrvVer : 1.0
DeviceManagementSrvUrl : https://enterpriseregistration.windows.net/manage/010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65/
DeviceManagementSrvId : urn:ms-drs:enterpriseregistration.windows.net
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : NO
AzureAdPrtAuthority :
EnterprisePrt : NO
EnterprisePrtAuthority :
+----------------------------------------------------------------------+
| Diagnostic Data |
+----------------------------------------------------------------------+
AadRecoveryEnabled : NO
Executing Account Name : Win10\nogushu
KeySignTest : PASSED
DisplayNameUpdated : YES
OsVersionUpdated : YES
HostNameUpdated : YES
Last HostName Update : NONE
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : YES
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : NO
SessionIsNotRemote : NO
CertEnrollment : none
PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors
After 2
"参加済み" になり、デバイスを再起動して テナントユーザーで サインイン を実施
PS C:\Windows\system32> dsregcmd /status
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : NO
Device Name : Win10
+----------------------------------------------------------------------+
| Device Details |
+----------------------------------------------------------------------+
DeviceId : 010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65
Thumbprint : ACCB4EXXXXXXXXXXA72F6ADXXXXXXXXXX208AE10
DeviceCertificateValidity : [ 2023-11-25 01:13:55.000 UTC -- 2033-11-25 01:43:55.000 UTC ]
KeyContainerId : 069d9016-xxxx-xxxx-xxxx-1aexxxx5fb04
KeyProvider : Microsoft Software Key Storage Provider
TpmProtected : NO
DeviceAuthStatus : SUCCESS
+----------------------------------------------------------------------+
| Tenant Details |
+----------------------------------------------------------------------+
TenantName :
TenantId : 010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65
Idp : login.windows.net
AuthCodeUrl : https://login.microsoftonline.com/010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65/oauth2/authorize
AccessTokenUrl : https://login.microsoftonline.com/010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65/oauth2/token
MdmUrl :
MdmTouUrl :
MdmComplianceUrl :
SettingsUrl :
JoinSrvVersion : 2.0
JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/
JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net
KeySrvVersion : 1.0
KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/
KeySrvId : urn:ms-drs:enterpriseregistration.windows.net
WebAuthNSrvVersion : 1.0
WebAuthNSrvUrl : https://enterpriseregistration.windows.net/webauthn/010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65/
WebAuthNSrvId : urn:ms-drs:enterpriseregistration.windows.net
DeviceManagementSrvVer : 1.0
DeviceManagementSrvUrl : https://enterpriseregistration.windows.net/manage/010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65/
DeviceManagementSrvId : urn:ms-drs:enterpriseregistration.windows.net
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : YES
WamDefaultAuthority : organizations
WamDefaultId : https://login.microsoft.com
WamDefaultGUID : {B16898C6-xxxx-xxxx-xxxx-64DxxxxA8520} (AzureAd)
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : YES
AzureAdPrtUpdateTime : 2023-11-25 02:23:11.000 UTC
AzureAdPrtExpiryTime : 2023-12-09 02:23:10.000 UTC
AzureAdPrtAuthority : https://login.microsoftonline.com/010d28ee-xxxx-xxxx-xxxx-9a7xxxx3dc65
EnterprisePrt : NO
EnterprisePrtAuthority :
OnPremTgt : NO
CloudTgt : YES
KerbTopLevelNames : .windows.net,.windows.net:1433,.windows.net:3342,.azure.net,.azure.net:1433,.azure.net:3342
+----------------------------------------------------------------------+
| Diagnostic Data |
+----------------------------------------------------------------------+
AadRecoveryEnabled : NO
Executing Account Name : AzureAD\AvdAdmin, avdadmin@carol226.com
KeySignTest : PASSED
DisplayNameUpdated : YES
OsVersionUpdated : YES
HostNameUpdated : YES
Last HostName Update : NONE
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : YES
IsUserAzureAD : YES
PolicyEnabled : YES
PostLogonEnabled : YES
DeviceEligible : NO
SessionIsNotRemote : NO
CertEnrollment : none
PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors
こちらも参考になります