Does anyone understand the difference between these DeviceTrustType values? The published documentation around the Azure Device Registration Service and Azure AD Workplace Join seems to be focused on Windows 7 and Windows 8.1, not Windows 10. That documentation talks about two requirements, ADFS3 or newer and creating a very specific DNS record pointed at a Microsoft host to enable AAD Workplace Join. These requirements are apparently not required for Windows 10, because I have neither in my environment, but quite a few Windows 10 devices have managed to do the AAD Workplace Join. To be clear, these are not Windows 10 devices that have done the AAD Device Join.
I was caught very off-guard when I discovered Windows 10 devices using this to do an AAD Workplace Join, because I naturally assumed that since we met neither of the requirements for AAD Workplace Join, it wasn’t possible.
And yes, these are two different DeviceTrustType values. You can see examples of both in the blog post on the preview version of the MSOnline PowerShell module.
If someone understands this space, or has links to share that might explain this, I’m all ears.
I’m most interested in hearing:

a) What’s the difference in capabilities between the two types of “joins”? And why would you prefer one over another?

b) Why does Windows 10 not need the requirements that prior Windows versions needed? And a corollary: will prior Windows versions continue to need those requirements for much longer?

-B