Is there a way to join a Windows 10 computer to Azure AD using PowerShell?

Question

I want to join computers in my organization to Azure AD using a PowerShell script.

I tried using the New-AzureADDevice command

But in the example:

New-AzureADDevice -AccountEnabled $true -DisplayName "My new device" -AlternativeSecurityIds $altsecid -DeviceId $guid -DeviceOSType "OS/2" -DeviceOSVersion "9.3"

can someone explain where parameter AlternativeSecurityIds comes from?

Answer 1

AlternativeSecurityId which consists of three elements whereby only two would be needed for devices.

Reference : https://learn.microsoft.com/en-us/graph/api/resources/alternativesecurityid?view=graph-rest-1.0

AlternativeSecurityIds        : {class AlternativeSecurityId {
                                  IdentityProvider:
                                  Key: System.Byte[]
                                  Type: 2
                                }
                                }

• Key itself is of type described here

  X509:[thumbprint]+[publickeyhash]

• Type determines the purpose of the key (eg Bitlocker, Windows Hello,Recoverykeys)

       $key = [System.Text.Encoding]::Unicode.GetBytes("X509:<SHA1-TP-PUBKEY><Thumbprint>")
       $altsecids = New-Object -TypeName PSObject -Property @{
  
       #'IdentityProvider' = 'null'
       'Key' = $key
       'Type' = "2" }
  
  
  
  
       New-AzureADDevice -AccountEnabled $true -DisplayName '<NAME>' -DeviceOSType 'OS/2' -DeviceOSVersion '9.3' -AlternativeSecurityIds $altsecids -DeviceId (New-Guid)
  

This is mostly used for internal use and my understanding you will not able to achieve your requirement.

Currently, there is no powershell script/commandlet that can auto join with AAD

There is already an existing Uservoice for the same.

The other option would be able to make use of :

• Group Policy , OOBE, bulk enrollment and Autopilot