Purpose
With the rise of mobile and BYOD, IT teams must balance:
Microsoft Entra ID provides device registration and management options to secure access to organizational resources.
Types of Devices
| Type | Definition | Primary Audience | Ownership | Example |
|---|---|---|---|---|
| Microsoft Entra Registered | Personal devices registered with Entra; signing in to the device itself does not require an organizational account. | BYOD, mobile users. | User-owned. | Employee adds their personal phone for email access. |
| Microsoft Entra Joined | Work devices joined directly to Entra; require org account sign-in. | Cloud-first orgs. | Organization-owned. | Company laptops using Entra login. |
| Hybrid Microsoft Entra Joined | Devices joined to both AD and Entra. | Hybrid organizations. | Organization-owned. | Domain-joined PCs synced to Entra for SSO. |
Microsoft Entra Registered Devices
Scenario: A contractor registers their personal laptop to access HR web apps. Intune enforces encryption and antivirus before granting access.
Microsoft Entra Joined Devices
Scenario: Contoso’s IT automatically joins all new Windows 11 laptops via Windows Autopilot to enable SSO and central management.
Hybrid Microsoft Entra Joined Devices
Device Writeback: Replicates registered device info back to on-prem AD to enable Conditional Access and ADFS claims-based access.
Scenario: A hybrid company uses ADFS to allow access to internal apps only from registered (compliant) laptops.
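The three device types in the table can be told apart in a tenant inventory, and the compliant-only access scenarios checked against it. The following is an added example, not part of the original notes: it assumes the Microsoft Graph device object's `trustType` and `isCompliant` properties, and all device names and the sample response are constructed.

```python
import json
from collections import defaultdict

# Microsoft Graph reports the join type in the device object's trustType property.
TRUST_TYPE_TO_JOIN = {
    "Workplace": "Microsoft Entra Registered",
    "AzureAd": "Microsoft Entra Joined",
    "ServerAd": "Hybrid Microsoft Entra Joined",
}

# Constructed sample shaped like a GET /v1.0/devices response (not real tenant data).
SAMPLE_RESPONSE = """
{"value": [
  {"displayName": "contractor-laptop", "trustType": "Workplace", "isCompliant": true},
  {"displayName": "byod-phone", "trustType": "Workplace", "isCompliant": false},
  {"displayName": "autopilot-w11-01", "trustType": "AzureAd", "isCompliant": true},
  {"displayName": "hq-desktop-07", "trustType": "ServerAd", "isCompliant": null},
  {"displayName": "stale-record", "trustType": null, "isCompliant": null}
]}
"""

def classify(device):
    """Return the join type for one Graph device object, or 'Unknown'."""
    return TRUST_TYPE_TO_JOIN.get(device.get("trustType"), "Unknown")

def inventory(response_text):
    """Group device names by join type."""
    groups = defaultdict(list)
    for device in json.loads(response_text)["value"]:
        groups[classify(device)].append(device["displayName"])
    return dict(groups)

def not_compliant(response_text):
    """Devices that a compliant-device access rule would not admit.

    isCompliant is a nullable Boolean set by the MDM (for example Intune).
    This example fails closed: anything other than an explicit true is listed.
    """
    return [
        (d["displayName"], classify(d))
        for d in json.loads(response_text)["value"]
        if d.get("isCompliant") is not True
    ]

if __name__ == "__main__":
    for join_type, names in inventory(SAMPLE_RESPONSE).items():
        print(f"{join_type}: {', '.join(names)}")
    for name, join_type in not_compliant(SAMPLE_RESPONSE):
        print(f"not admitted by compliant-device rule: {name} ({join_type})")
```

Devices with no recorded `trustType` are reported as Unknown rather than guessed, which makes stale or incomplete records visible during review.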