
Provisioning Options



This course looks at what goes into planning for Azure AD Device Join in Microsoft 365, and what you need to take into consideration when formulating your plans.

Learning Objectives

  • Understand the scenarios that you may encounter during the planning phase
  • Learn how to review identity infrastructures and assess device management
  • Learn about key considerations for applications, resources, and provisioning options
  • Understand the mobility options available and how to configure them

Intended Audience

This course is intended for anyone who wishes to learn about planning for Azure AD Device Join in Microsoft 365.


To get the most out of this course you should have a basic understanding of Azure Active Directory as well as Microsoft 365.


Welcome to provisioning options! In this lesson, we’re going to look at some of the approaches you can take to provision Azure AD join. More specifically, you’ll be introduced to Self-Service in OOBE, Windows Autopilot, and Bulk enrollment.

Self-service mode allows your users to complete the Azure AD join process during the Windows Out of Box Experience, or OOBE, or from within Windows Settings. While the Windows Settings option is available for existing devices, the OOBE option is reserved for brand-new devices that haven’t been set up yet.

If you are deploying a new Windows device, you can take advantage of Windows Autopilot. Windows Autopilot uses the OEM-optimized version of Windows client, which is preinstalled on the device. Autopilot lets you pre-configure your devices so that users get a smoother experience when performing an Azure AD join during the OOBE process.

And then you have bulk enrollment. When you use bulk enrollment, you can join large numbers of new Windows devices to Azure Active Directory and Intune. Before you can bulk enroll your devices, you have to first create a provisioning package, using the Windows Configuration Designer app. Once you have the provisioning package created, you apply it to your corporate-owned devices. This package then joins those devices to your Azure AD tenant and enrolls them in Intune. 

I should point out that you cannot deploy Azure AD joined devices using Sysprep, or any other similar imaging tools.

The deployment approach you take will depend on your environment and on your user base. For example, if your user base consists mostly of more tech-inclined users, you might be able to leverage self-service.

If your users are mostly remote, you might want to use self-service or Autopilot, since these options are usually best when you want to provide a streamlined setup for remote users, where there is no option to do any hand-holding in person.

Bulk enrollment might be a good choice if you’d rather have an admin drive the deployment and set up devices before handing the devices over to users.

Ultimately, you’ll want to think about your environment and user base, before deciding on a provisioning option.

About the Author
Thomas Mitchell

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.