 Hello, my name is Sam and I'm Director of Consulting at Tech Impact, we're a nonprofit technology services provider. And I'm here today to talk to you about joining your Windows 10 machines to ensure active directory to get single sign-on to Office 365 and any other apps that you have integrated. Before you get started, you're going to want to make sure you've taken care of a few things. You're going to need E1 or higher Office 365 licenses. You're also going to want to make sure that all of your machines are running Windows 10 Pro or Enterprise. This is not supported with anything older or with Windows 10 Home. Finally, I would recommend that you run the Windows 10 Upgrade Assistant. Windows 10 has come in a lot of different flavors and the interface can differ slightly depending on what version you're on. Running the Windows 10 Upgrade Assistant is the only way to make sure that you're on the most modern version of Windows 10. Everything we're doing here today is possible with the free E1 Office 365 licenses. If you choose to subscribe to an additional Enterprise Mobility security license, you can do a lot more including specifying local administrators on your machines, configuring those machines using Intune which can be a replacement for your on-premise active directory group policy, and even conditionally providing access based on machines' encryption or Windows updates or antivirus stats. It's even possible for your users to enroll personal devices to make sure that they're meeting basic security requirements without actually fully controlling them as an administrator. Let's go ahead and get started. We're going to log into the Office 365 administrative portal. I've enabled two-factor authentication, which is definitely something that you should do. So I'm going to type in the one-time code that was just texted to me. Next, I'm going to open up the Office 365 administrative panel. And from the left-hand control panel, I'm going to select Azure Active Directory. Right now we're looking at the old Azure portal. There's a new portal which will be the default very soon. I'd recommend that you make your changes there instead. Let's go ahead and click on the Check Out the New Portal link at the top and launch that more modern portal. You'll see that my URL has changed. This direct link, if you want to bookmark it, is just portal.azure.com. So now we're going to open up the Azure Active Directory control panel from the left. And I'm going to select Users and Groups, and then we're going to click on Device Settings. And here I need you to make sure that Users May Join Devices to Azure Active Directory is set to either All or Selected. All allows anyone in your organization to join their computer to Azure Active Directory. Selected allows you to specify a particular group or set of users who are able to do so. If you would like to make the join process more secure, you can also turn on Require Multi-Factor Off to Join Devices, which I would strongly recommend. Let's go ahead and click Save. And now that's it. My Azure Active Directory is ready to accept computers being joined. So I'm on a Windows 10 machine right now. Let's just go through this process. I'm going to go ahead and just open up the Settings app, and I'm going to open up Account. I'm going to go to Access Worker School, and then I'm going to click on this Plus Connect button here. Now if I had an Enterprise Security and Mobility license, and I had set this up as an administrator, I could actually enroll this device in Office 365 without joining it, which would provide me with some limited management and recording capabilities without actually taking control of the machine. But in this case, this is a company-owned machine, and I only have a free E1 license. So let's go ahead and just join this to Azure Active Directory using this link at the bottom. Now I'm going to put in my account information and my password. Now like everything else we do, I'm using two-factor authentication. Okay, and now we're setting up my machine. So let's go ahead and restart the machine, and I can show you what just happened. So now you'll see that I have the old user that I was logging in, but I also have this new button here called Other User. Let's click on that. Here it's going to ask me to sign into my Worker School account. So let's put in my Office 365 credentials, which are also my Azure AD credentials. And that's it. I just logged into my computer using my Azure Active Directory credentials. So now I'm logged in using my Office 365 account. I want to show you something interesting. Let's go ahead and launch Edge. This would work the same way with Internet Explorer. Let's go to portal.office365.com. So I'm just going to log in to my Office 365 account. Now you'll notice that I'm actually automatically in my machine. I didn't have to re-log in. That's because when I do Azure Active Directory domain join, I'm also getting single sign-on to Office 365. This doesn't just work with the website. I can actually do the same thing using any of the Office applications. Another important thing to note is that it did require me to use two-factor authentication to join the device itself, but after that it didn't require me to use two-factor authentication, and that's because the device itself serves as a second authentication source. And that's how we join our Windows 10 machines to Azure Active Directory. This is a really easy way to get rid of your on-premise Active Directory server if you're a small organization that doesn't need the benefits of group policy. And I hope you'll play around with it.