Sign in to Azure AD two different ways, or not?

Hi all, I tested and played around a little with my Win 10 devices and saw some curious things. Well, it is not really curious, it is by design.

I played with a Win 10 build 10586, just so you know the OS level I used.

Then I use Azure AD join and manage the device through Microsoft Intune.
To use this scenario, i.e. managing Win 10 devices agentless as MDM devices, you have to create an Azure EMS / O365 / Microsoft Intune subscription, which enables your Azure AD in the background. Then you have to enable AAD in the Azure portal, and for that you have to use the old Azure portal, manage.windowsazure.com.

Go to AAD in the portal like this:
image

Open your AAD and go to Configure:
image

Scroll down to Devices:
image

Now you have some options; here is a link describing how to implement them: https://azure.microsoft.com/en-us/documentation/articles/active-directory-conditional-access-device-registration-overview/?rnd=1

After that implementation, with the “cloud” ready for our use, we go to the Win 10 device. In Settings –> Accounts you now have two options to join a device to AAD:
image

With “Sign in to Azure AD” and the link “Add a work or school account”, the user can join his device to AAD.

At the bottom you see another link, “Join or leave an organization”. If you open that, you land on another page in Settings –> System –> About:
image

Here you can also join a device to AAD. After you click “Connect to an organization”, a login mask asks you for your AAD user credentials:
image

(By the way, the other join asks for the same login information, but in the end a different window welcomes you to AAD.)

But what is the difference between these two joins? I will show you in a screenshot from the Intune console:
image

The second way of joining a device to AAD shows the device as a corporate-owned device!! That's the big deal :)

You can see there are some devices in my LAB subscription, and one of the devices says it is a corporate device.

Ahhhh, that means it is a corporate-owned device; the others are personally enabled devices.
The difference here is the wipe functionality. Here is a description:
https://technet.microsoft.com/en-us/library/mt143184.aspx (the full story :) )
https://technet.microsoft.com/en-us/library/dn600287.aspx
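To check which of the two join paths a device actually took (without clicking through Settings or waiting for the Intune console), you can read the device registration state locally. The following script is an added example, not part of the original post: it parses the output of dsregcmd /status and maps it to the two cases above. It assumes a Windows 10 build where dsregcmd /status is available (1607 and later); the field names AzureAdJoined, DomainJoined, WorkplaceJoined and TenantName are the ones dsregcmd prints.

```powershell
# Added example: classify the local device's Azure AD join state from dsregcmd /status.
# Assumes dsregcmd /status is available on this build (1607 or later).
function Get-AadJoinState {
    $raw = & dsregcmd.exe /status 2>&1
    $fields = @{}
    foreach ($line in $raw) {
        # Output lines look like "    AzureAdJoined : YES"; capture key and value
        if ($line -match '^\s*([A-Za-z ]+?)\s*:\s*(.+?)\s*$') {
            $fields[$matches[1]] = $matches[2]
        }
    }

    $azureAd   = $fields['AzureAdJoined']   -eq 'YES'   # System > About path (device-level join)
    $workplace = $fields['WorkplaceJoined'] -eq 'YES'   # Accounts > "Add a work or school account"
    $domain    = $fields['DomainJoined']    -eq 'YES'   # classic on-premises AD join

    $state = if ($azureAd -and $domain) { 'Hybrid: AD domain joined and Azure AD joined' }
             elseif ($azureAd)          { 'Azure AD joined (System > About path; shows as corporate in Intune)' }
             elseif ($workplace)        { 'Work account added only (Accounts path; shows as personal in Intune)' }
             elseif ($domain)           { 'On-premises domain joined only' }
             else                       { 'Not joined' }

    [PSCustomObject]@{
        ComputerName    = $env:COMPUTERNAME
        JoinState       = $state
        TenantName      = $fields['TenantName']
        AzureAdJoined   = $azureAd
        WorkplaceJoined = $workplace
        DomainJoined    = $domain
    }
}

# Run locally; in a LAB you can compare the result against the ownership column in Intune
Get-AadJoinState | Format-List
```

If a device you expected to be corporate-owned reports only WorkplaceJoined, it was enrolled through the Accounts page and will be treated as personal for wipe purposes.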

Here are some other links that will help:

– what is an Enrollment Manager in Intune: https://technet.microsoft.com/en-us/library/dn764961
– a description of AAD join during OS setup: https://blogs.technet.microsoft.com/ad/2015/05/13/azure-active-directory-and-windows-10-bringing-the-cloud-to-enterprise-desktops/
– more details on this process: https://blogs.technet.microsoft.com/ad/2015/05/28/azure-ad-join-on-windows-10-devices/
– scenarios and deployment for AAD join: https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-deployment-aadjoindirect/

Hope it helps. The info here is provided as is, so test it first in your LAB!
