Add Work or School Account to Windows - Work Access
Understanding Work Access in Windows 10
Within Windows 10, the Settings app contains "Work Access" functionalities, accessible through the Accounts section.
These features are designed for individuals who require connectivity to the network infrastructure of their workplace or educational institution using personally owned devices.
How Work Access Functions
Work Access facilitates access to an organization’s resources while simultaneously granting the organization a degree of management capability over the connected device.
While the configuration of these settings can initially appear complex, the process is generally straightforward.
Setup and Access
If utilizing Work Access is necessary, your organization will furnish you with the required connection details.
They will also provide clear instructions regarding the necessary steps for configuration and achieving access to the organization's designated resources.
Essentially, the organization will guide you through the setup process to ensure a secure and functional connection.
Understanding Work Access, Azure AD, and Device Management
Related: What is a Windows Domain and How Does It Affect My PC?
The "Work Access" features are designed for scenarios where individuals utilize personally owned computers to connect to work or educational resources. This practice is commonly referred to as "bring your own device," or BYOD. Organizations extend access to accounts and various resources, such as enterprise applications, digital certificates, and VPN configurations.
In exchange, the organization gains a degree of control over the device for remote management and security purposes. The extent of this control is determined by the organization’s specific configurations and server settings.
This method presents a distinct alternative to traditional domain joining. Domain joining is typically reserved for devices directly owned by an organization, while Work Access options are more appropriate for devices belonging to employees or students.
Within the Work Access settings, two primary options are available: Azure AD and Device Management.
- Azure AD: According to Microsoft’s official Azure documentation, Windows 10 enables the addition of a "work or school account" to computers, tablets, and smartphones. This registers the device with the organization’s Azure AD server.
- Automatic enrollment in a mobile device management (MDM) system is possible, though not mandatory, depending on the organization’s policies. Administrators can implement less stringent policies on these personally owned devices compared to those fully integrated into a domain. The account facilitates single sign-on access to work-related resources and applications.
- Device Management: While Azure AD can optionally enroll a device in an MDM server, a Windows 10 device can also connect directly to a device management server. This allows the controlling organization to gather device information.
- They can also manage installed applications, restrict access to settings, remotely wipe the device, and perform other administrative functions. MDM servers are also utilized for managing iPhones, iPads, and Android devices, ensuring compatibility across platforms.
However, a comprehensive understanding of these underlying technologies isn't essential for utilizing Work Access. Your organization will provide specific instructions for establishing a connection.
Once connected, the organization can apply its preferred policies to your device, granting you access to the necessary resources.
Accessing Azure AD: A Sign-In Guide
Initiating a sign-in to your Azure Active Directory environment begins with navigating to the Settings application. From there, select the "Accounts" option, followed by "Your Email and Accounts."
Scroll down within this section until you locate and click "Add a Work or School Account," which is situated under the heading "Accounts Used By Other Apps."
Alternatively, you can access the same functionality by going to Settings > Accounts > Access work or school and selecting "Add a Work or School Account." However, this will redirect you to the "Your Email and Accounts" screen.
To establish a connection with the Azure AD server, input the email address assigned to you by your organization, along with its corresponding password.
Your organization will furnish you with the necessary details regarding access to available resources and will outline any subsequent steps required for full functionality.
Managing Your Connected Account
Once added, the account will be displayed as a "Work or School Account" within the "Accounts Used By Other Apps" section, located at the bottom of the Settings > Accounts > Your Email and Accounts screen.
From this location, you have the ability to click or tap on the account and disconnect it if necessary.
Organizational Control and Device Management
From an administrative perspective, your organization gains visibility into your connected device through the Azure AD portal.
This allows them to provision resources and enforce relevant policies to ensure a secure and compliant environment.
These capabilities are essential for maintaining control and security within the organization's Azure AD infrastructure.
Enrolling Your Device in Mobile Device Management
Device enrollment, frequently referred to as Mobile Device Management (MDM), can be initiated directly from your device settings.
Navigate to Settings > Accounts > Work Access, then scroll to locate and select the "Enroll in Device Management" option.
Initiating the Enrollment Process
Typically, simply clicking the "Connect" button within the current interface is sufficient. However, an alternative, "Enroll only in device management," is available under Related Settings.
The system will prompt you for the email address associated with the MDM server.
If automatic discovery fails, you may also be required to manually input the server address; your organization will furnish this information if necessary.
Here's a breakdown of the process:
- Access Settings > Accounts > Work Access.
- Select "Enroll in Device Management."
- Choose "Connect" or "Enroll only in device management."
- Enter your MDM server email address.
- Provide the server address if prompted.
Your organization’s IT department will provide the necessary server details for a successful connection.
Deleting a Work or School Account
The process of removing a work or school account involves navigating to the Settings application, then selecting Accounts, followed by Access work or school.
From there, choose the specific account you wish to remove and click the "Disconnect" option.
Should this initial method prove unsuccessful, an alternative solution has been identified.
Begin by going to Settings > Accounts > Your info, then select "Sign in with a local account instead."
Complete the subsequent steps to log in to your computer using a local account rather than your Microsoft account.
After successfully logging back in, revisit Settings > Accounts > Access work or school and attempt to remove the account once more.
Once the work or school account has been successfully removed, you can return to Settings > Accounts > Your Info to sign back in with your Microsoft account.
For organizations utilizing a traditional Windows domain, an alternative joining method is available.
Under the Related Settings section at the bottom of the Work Access pane, select "Join or leave an organization."
This will redirect you to the Settings > System > About pane, where you can connect your device to either a domain hosted by your organization or a Microsoft Azure AD domain.