7.1.3 Automatic Hybrid Azure AD Join for Windows Downlevel Devices

For Azure AD device registration, Windows 10 devices use the active STS (WS-Trust) workflow, whereas Windows downlevel devices use the passive (WS-Federation) workflow. Therefore, the steps to configure automatic hybrid Azure AD join differ between Windows 10 devices and Windows downlevel devices.

Access Manager supports the following Windows downlevel devices:

  • Windows 8.1

  • Windows Server 2012 R2

  • Windows Server 2012

Prerequisites: see Prerequisites for Automatic Hybrid Azure AD Join.

To enable automatic registration for Windows downlevel devices, perform the following steps:

  1. Prepare Azure AD for automatic hybrid Azure AD join.

    See Preparing Azure AD for Automatic Hybrid Azure AD Join.

  2. Configure Access Manager for automatic hybrid Azure AD join.

    See Configuring Access Manager for Automatic Hybrid Azure AD Join.

  3. Configure the Local Intranet settings for device registration. To prevent certificate prompts while authenticating a device to Azure AD, add the following URL to the Local Intranet zone:

  4. Install Microsoft Workplace Join for non-Windows 10 computers.

    For more information, see Install Microsoft Workplace Join for Windows downlevel computers.

  5. Validate hybrid Azure AD join. See Validating Hybrid Azure AD Join.

  6. Verify the registration. See Verifying Device Registration Status.