Azure AD Join Provisioning Package

Creating a provisioning package is a supported way to join a device to Azure AD unattended. As you have probably noticed if you have spent time looking into the options, there aren't many supported ones beyond joining manually from within Windows or going through a process like Autopilot.

Michael Niehaus and many others have written great blogs digging into the service principal and BPRT (bulk primary refresh token) created with this type of enrollment. The second blog, by Dr Nestori Syynimaa, is especially interesting, and I totally plan to spend more time digging into facilitating AADJ without a provisioning package.

Automatically join devices to Azure AD – Out of Office Hours (oofhours.com)

https://o365blog.com/post/bprt/

So in this blog I will go through how I create a provisioning package that gets us where we want with the fewest configurations necessary.

First, let's jump over and install the Windows 11 ADK; Windows 10 or 11 works just fine.

Download and install the Windows ADK | Microsoft Docs

I use the option below; this has been the most reliable in the past.

Now, these wizards are meant to set up a device with various configurations. Since we only care about AADJ enrollment, I will walk you through getting there without the unnecessary overhead.

Select Provision desktop devices

Go ahead and add a name, as it is required, but don't worry, we will remove this requirement later on.

Turn off network configurations

Now this is the important part: select Enroll in Azure AD. Here you have the ability to set the Bulk Token Expiry; you can choose the default of 30 days, up to 120 days. This is the amount of time your PPKG will be valid for enrollment; once it expires, your AADJ enrollment will fail.

Click through the defaults until you get to the finish page, and then select Switch to advanced editor.

Once you get here you will not be able to go back, so FYI!

Browse to Selected customizations on the right-hand side, select ComputerAccount and click Remove. This will prevent the PPKG from changing the computer name when applied, and will prevent a 60 second reboot after applying.

Once done, select Export > Provisioning package.

Go through your options and select Build.

Browse to the project folder and copy the PPKG to your source location or SCCM package.
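To apply the exported package from that SCCM package (or any script step) and confirm the device actually ended up Azure AD joined, here is an added PowerShell example; it is not part of the original post, and the package file name and log folder are assumptions you will want to adjust.

```powershell
# Added example (not from the original post): apply the exported PPKG silently and
# verify the Azure AD join state so a task sequence step fails visibly instead of
# silently moving on (for example when the bulk token expiry chosen in WCD has passed).
param(
    [string]$PackagePath = "$PSScriptRoot\AADJ.ppkg",       # assumed file name
    [string]$LogDir      = "$env:ProgramData\PPKG-Logs"     # assumed log location
)

function Test-AzureAdJoined {
    # dsregcmd has no object output, so the status text is parsed line by line.
    $status = dsregcmd /status
    $joined = [bool]($status | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES' -Quiet)
    $tenant = $status | Select-String -Pattern '^\s*TenantName\s*:' | Select-Object -First 1
    if ($tenant) { Write-Output ("Tenant: " + $tenant.Line.Trim()) }
    return $joined
}

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

if (-not (Test-Path -Path $PackagePath)) {
    Write-Error "Provisioning package not found: $PackagePath"
    exit 1
}

try {
    # -QuietInstall suppresses the consent prompt, -ForceInstall re-applies a package
    # that is already installed, and the log directory keeps the provisioning log
    # for troubleshooting a failed or expired enrollment.
    Install-ProvisioningPackage -PackagePath $PackagePath -QuietInstall -ForceInstall `
        -LogsDirectoryPath $LogDir -ErrorAction Stop | Out-Null
}
catch {
    Write-Error "Install-ProvisioningPackage failed: $($_.Exception.Message)"
    exit 1
}

if (Test-AzureAdJoined) {
    Write-Output "Device is Azure AD joined."
    exit 0
}

Write-Error "AzureAdJoined is not YES after applying the package; check $LogDir."
exit 1
```

Run it elevated (a task sequence already runs as SYSTEM); the non-zero exit code is what lets Configuration Manager report the step as failed.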
