
Disconnecting Azure AD requires careful planning to avoid disrupting your organization's workflow. You can disconnect Azure AD from your devices by removing the Azure AD account from the device.
To begin, sign in to the device as an administrator. This will give you the necessary permissions to make changes to the device settings.
You can then go to the device's settings and select the "Accounts" or "Users" option, depending on the device type. From there, you can remove the Azure AD account associated with your organization.
This process may vary depending on the device type and operating system. It's essential to refer to your device's user manual or online documentation for specific instructions.
Removing Devices from Azure AD
Removing devices from Azure AD is a straightforward process that can be done in a few ways. You can remove a device from Azure AD join using the Settings app on your Windows 10 or 11 device.
To start, log in to your Windows device with your organizational account, click the Start button and select Settings. From there, select Accounts and then Access work or school.
Select the connected Azure AD domain account you want to remove and click Disconnect. You'll be prompted to confirm the removal, and once you click Yes, your access to resources like email, apps, and networks will be revoked.
Your organization may also remove data stored on the device, so be sure to save a copy of the BitLocker recovery key if your device has BitLocker installed and running.
Alternatively, you can remove a device from Azure AD from the command line. Remove-AzureADDevice is a PowerShell cmdlet (AzureAD module), so run it in a PowerShell session rather than Command Prompt; it removes the specified device from Azure AD.
It's worth noting that running this command will delete devices without prompting, so be sure to double-check the device ID before running the command.
If you have a list of device serials, you can use the Remove-AzureADDevice cmdlet to remove them from Azure AD based on that list. This can be useful for cleaning up unneeded devices from Intune enrollment.
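Because Remove-AzureADDevice deletes without prompting, a bulk cleanup is safer when each ID is resolved and shown before it is removed. The script below is an added example, not part of the original article; it assumes Connect-AzureAD has already been run and that the list has been resolved to Azure AD object IDs, one per line, in a hypothetical file devices.txt.

```powershell
#Requires -Modules AzureAD
# Added example: guarded bulk removal of Azure AD device objects.
# devices.txt and removed-devices.csv are hypothetical file names.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [string]$ListPath = '.\devices.txt',
    [string]$LogPath  = '.\removed-devices.csv'
)

# Normalise the list: trim, drop blank lines, de-duplicate.
$ids = Get-Content -Path $ListPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ } |
    Sort-Object -Unique

foreach ($id in $ids) {
    # Reject anything that is not a GUID before calling the directory.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($id, [ref]$parsed)) {
        Write-Warning "Skipping '$id': not a GUID"
        continue
    }
    # Resolve the object first so the operator sees what will be deleted.
    try {
        $device = Get-AzureADDevice -ObjectId $id -ErrorAction Stop
    } catch {
        Write-Warning "Skipping ${id}: lookup failed ($($_.Exception.Message))"
        continue
    }
    $label = '{0} (DeviceId {1}, last logon {2})' -f `
        $device.DisplayName, $device.DeviceId, $device.ApproximateLastLogonTimeStamp

    # -WhatIf gives a dry run; without it each device needs a confirmation.
    if ($PSCmdlet.ShouldProcess($label, 'Remove-AzureADDevice')) {
        # A failed removal stops the run instead of continuing silently.
        Remove-AzureADDevice -ObjectId $device.ObjectId -ErrorAction Stop
        [pscustomobject]@{
            RemovedAt   = (Get-Date).ToString('o')
            ObjectId    = $device.ObjectId
            DeviceId    = $device.DeviceId
            DisplayName = $device.DisplayName
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }
}
```

Run it with -WhatIf first and review the resolved display names against the list before running it for real.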
Here's a step-by-step guide to removing devices from Azure AD:
- Log in to your Windows device with your organizational account
- Click the Start button and select Settings
- Select Accounts and then Access work or school
- Select the connected Azure AD domain account you want to remove and click Disconnect
- Or run the Remove-AzureADDevice cmdlet in PowerShell to remove the specified device from Azure AD
You can also validate the removal by checking the join status from the command line. Open Command Prompt as an administrator and type dsregcmd /status. The AzureAdJoined field value should be NO.
Disable Directory Sync
To disable directory sync, you'll need to take two steps: disable directory synchronization in both your on-premises AD and Microsoft Entra ID.
First, disable directory synchronization in your on-premises AD. This is the first part of the process, but it's not the last step. You'll need to take additional action in Microsoft Entra ID to fully disable directory sync.
Next, run the Update-MgOrganization cmdlet (Microsoft Graph PowerShell) against Microsoft Entra ID to stop the synchronization. This may take up to 72 hours to complete, depending on the number of objects in your cloud service subscription account.
You can't cancel the disable action, so make sure you're ready for the process to complete before moving forward. If you choose to re-enable on-premises directory synchronization, a full synchronization of your synced objects will happen, which may take a considerable time.
To confirm that on-premises directory synchronization is disabled in Microsoft Entra ID, check that the OnPremisesSyncEnabled property appears as a null (empty) value.
Removing Windows 10 from Azure AD
Disconnecting your Windows 10 device from Azure AD is a straightforward process, but it's essential to be aware of the consequences. You'll lose access to school or work resources, and your organization might remove data stored on the device.
To start, log in to Windows 10 with your organizational account. Then click the Start button, followed by Settings.
In the Settings app, navigate to Accounts > Access work or school. Select the connected Azure AD domain account that you want to remove, and click Disconnect. Confirm the removal by clicking Yes.
After disconnecting, you won't be able to sign in to this PC with your organization's account. If your PC has BitLocker installed and running, save a copy of the BitLocker recovery key somewhere other than this PC.
Click on Restart now or Restart later to complete the process. After restarting, your PC won't be joined to Azure AD. You'll need to sign in with another user account.
To validate the settings, open Command Prompt as an administrator and type dsregcmd /status. In the output, the AzureAdJoined field value should be NO.
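The dsregcmd /status check described here and in the earlier section can be scripted so it returns a clear result instead of being read by eye. This is an added example, not part of the original article; the function names are hypothetical and $sample is constructed output in the shape dsregcmd /status prints.

```powershell
# Added example: parse dsregcmd /status text and report the join state.
function Get-DsregState {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Fields look like "        AzureAdJoined : NO"; banner lines do not match.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Test-AzureAdDisconnected {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = Get-DsregState -Lines $Lines
    # Fail loudly rather than report "disconnected" on empty or unrelated input.
    if (-not $state.ContainsKey('AzureAdJoined')) {
        throw 'AzureAdJoined field not found; is this dsregcmd /status output?'
    }
    [pscustomobject]@{
        AzureAdJoined   = $state['AzureAdJoined']
        DomainJoined    = $state['DomainJoined']
        WorkplaceJoined = $state['WorkplaceJoined']
        Disconnected    = ($state['AzureAdJoined'] -eq 'NO')
    }
}

# Constructed sample; on a real device use: $lines = dsregcmd /status
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                    NgcSet : NO
           WorkplaceJoined : NO
'@ -split '\r?\n'

Test-AzureAdDisconnected -Lines $sample
```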
Here's a summary of the steps to remove Windows 10 from Azure AD:
- Log in to Windows 10 with your organizational account.
- Click the Start button, followed by Settings.
- Navigate to Accounts > Access work or school.
- Click Disconnect on the connected Azure AD domain account.
- Confirm the removal by clicking Yes.
- Restart your PC to complete the process.
Remember, after disconnecting from Azure AD, you'll need to sign in with another user account to access your PC.


