When a user creates their first sign-in account on a Windows 10 computer, they are given the choice of using a personal Microsoft account (such as @outlook.com) or a local account (the user ID and password exist only in Windows and are stored on the local machine). Neither of these accounts will have access to company resources.
The simplest way to enable seamless sign-on with company credentials is to connect the user's company account to their existing logon. When a user logs on in this way, they may still be prompted to select their stored credentials when they connect to some company resources, but they will receive fewer prompts for their password and other credentials thereafter.
To configure this option, the user can go into the Start menu and search for Access work or school:
![](Images/45f16c30-a2e1-4459-987d-5fe9e3347d9f.png)
Then, click on Connect and enter their company credentials when prompted:
![](Images/235ddd6f-dcd9-4cd5-a8e7-0cfb67c9aa4b.png)
The process will then register the device and link the user's logon credentials:
![](Images/dbe22f72-69cb-4d2a-ba86-ff6954b9c4ab.png)
This option enables the device to be registered with Azure AD (workplace join) to become a recognized entity. This allows the device to be trusted as part of conditional access policies and multi-factor authentication.
Once the account is connected, the user can continue to use their personal login and gain access to company resources with a linked account.
If the device is also enrolled with the company MDM solution, then the device can be set to enroll automatically with Azure AD (domain join). This enables the user to log in to Windows with their company credentials instead of their personal account. The user experience is very similar to that of a machine joined to an on-premises AD domain, and it enables a better SSO experience.
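
To confirm which of the two states described above a device actually ended up in, an administrator can read the output of the built-in `dsregcmd /status` command. The script below is an added example, not part of the original text: the function name `Get-AadJoinState` is hypothetical, and the embedded sample output is constructed so the script also runs on a machine without `dsregcmd`.

```powershell
# Added example: classify a device's Azure AD state from `dsregcmd /status` output.
function Get-AadJoinState {
    param([string[]]$StatusLines)

    # dsregcmd prints padded "Key : Value" lines; collect them into a table.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    if ($state['AzureAdJoined'] -eq 'YES') {
        $kind = 'Azure AD joined (sign-in with company credentials)'
    } elseif ($state['WorkplaceJoined'] -eq 'YES') {
        $kind = 'Azure AD registered (workplace join, personal logon kept)'
    } else {
        $kind = 'Not registered or joined'
    }

    [pscustomobject]@{
        State              = $kind
        OnPremDomainJoined = $state['DomainJoined'] -eq 'YES'
        # AzureAdPrt : YES means a Primary Refresh Token is present for the user.
        HasPrt             = $state['AzureAdPrt'] -eq 'YES'
    }
}

# Constructed, trimmed sample of `dsregcmd /status` output for a registered device.
$sample = @'
| Device State |
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
| User State |
           WorkplaceJoined : YES
'@ -split "`r?`n"

# Use the live output when dsregcmd is available, otherwise the constructed sample.
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $lines = dsregcmd.exe /status
} else {
    $lines = $sample
}
Get-AadJoinState -StatusLines $lines
```

A device that conditional access policies are expected to trust should report one of the first two states; "Not registered or joined" means the Connect step did not complete.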