
How to Disconnect a Windows 10 PC from Azure AD

This tutorial explains how to disconnect a Windows 10 PC from Azure AD. It details how to remove Azure AD from a Windows 10 device by creating a new local user account, migrating your data to it before making the switch, and finally disconnecting from an Azure AD domain.

Important information before you begin

You cannot directly convert an Azure AD account to a local user account. You must create a new local account (or an account signed in using your personal Microsoft account), move your data to it from your Azure AD account, and then disconnect your Azure AD account (which will permanently remove the remaining data in it in the process).

Azure AD is Microsoft’s cloud identity and access management solution that lets you sign in with an organization to access email, apps, and other resources. When your device is connected to Azure AD, the organization may gain control over certain aspects of your device, so it’s important that they communicate clearly what they will have control or visibility over.

If you are using a personal device to sign in with an Azure AD account, you will probably want to remove that account when you no longer need to connect to an organization’s resources to ensure you have full control over it again.

What you must do before you disconnect your Windows PC from Azure AD

There are a few steps you must take before disconnecting your Windows 10 PC from Azure Active Directory:

  • Back up your files externally: While the steps below include copying your existing data to your new local account, you should ensure you have made a backup of all the data you want to keep to an external drive or network share as an extra precaution.
  • Back up your settings and passwords: Remember to export additional data and settings for any apps that you plan to keep on using that can be re-imported (for example, your web browser bookmarks). You should also export any saved passwords and make sure you can log into all of your accounts with them before deleting your old profile.
  • Consider backing up your whole Azure AD profile directory: This will capture everything, but it’s often easier to re-import data using an app’s built-in import/export tool. Backing up your whole profile also means you will copy a great deal of hidden data you may not need. You may elect to back up your entire user directory (for example C:\users\my_ad_account) to an external drive, and keep it for a period of time until you’re confident you didn’t leave any required files behind.

If your device is using BitLocker disk encryption, you should also make sure you back up your recovery key.

You should also ensure you have permission to disconnect your Windows device from Azure AD. If it’s your personal device, you’re fine, but if it’s owned by your employer, school, or other organization, you should check first.

Disconnecting a Windows PC from Azure Active Directory will not remove any installed software. If there is remote management software installed, or additional security policies have been configured, these will not be deleted, and you will need to identify and remove them (or contact your IT department to assist).

Step-by-Step: How to disconnect a Windows 10 PC from Azure AD using Windows Settings

Here’s what you need to do to disconnect your Windows 10 PC from Azure Active Directory.

#1. Ensure you have a local administrator account

First, check that you have an existing account with administrator privileges, or create one if you do not:

  • Right-click the Start button and click Settings
  • Navigate to Settings > Accounts > Family & other users
  • Under Other users, click Add someone else to this PC (or, confirm there is already a local administrator account present that you can use)

  • Supply the details of the Microsoft account for this new user, or click I don’t have this person’s sign in information and then Add a user without a Microsoft account to create a local account, and then fill out the username and password
  • Back in the Settings app, select the username for the new user and then Change account type

  • Change the Account type dropdown to Administrator and press OK

#2. Copy your data and confirm access to your local user account

In addition to your external backup, copy the data you want to keep from your old Azure AD user profile to the C:\Users\Public directory. Then, log in as your new local user, and move the data from the public folder into it. Restore/import any other settings you’re keeping, and then make sure everything you wish to keep is accessible.

If you are migrating to a different Azure AD tenant, you can wait until you have disconnected from the current tenant, and move files to your new Azure AD profile from the public folder later. You can rejoin an Azure AD tenant after disconnecting.

If you are not copying any data, it is still worth confirming that you have access to your local administrator account by logging in to it, so that you aren’t locked out when you disconnect from Azure AD.
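The prerequisites above (an enabled local administrator and a backed-up BitLocker recovery key) can be checked from an elevated PowerShell prompt before you disconnect. This is an added example, not part of the original tutorial; it only reads state and changes nothing, and it assumes the BitLocker cmdlets are available on your edition of Windows.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only pre-flight checks before disconnecting from Azure AD.

# 1. Join state, parsed from "dsregcmd /status" lines such as "AzureAdJoined : YES".
$state = @{}
foreach ($line in (dsregcmd.exe /status)) {
    if ($line -match '^\s*(AzureAdJoined|DomainJoined|TenantName)\s*:\s*(.*\S)\s*$') {
        $state[$Matches[1]] = $Matches[2]
    }
}

# 2. Enabled local (or personal Microsoft) accounts in the built-in
#    Administrators group, addressed by its well-known SID S-1-5-32-544.
$localAdmins = @()
try {
    foreach ($m in (Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)) {
        if ($m.PrincipalSource -notin 'Local', 'MicrosoftAccount') { continue }
        # Get-LocalUser returns nothing for groups, so only user accounts survive.
        $user = Get-LocalUser -SID $m.SID -ErrorAction SilentlyContinue
        if ($user -and $user.Enabled) { $localAdmins += $user.Name }
    }
} catch {
    # If the group cannot be enumerated, fall back to checking in Settings.
    Write-Warning "Could not list Administrators: $($_.Exception.Message)"
}

# 3. BitLocker on the system drive: report recovery protector IDs only,
#    never the recovery password itself.
$vol = $null
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
}
$recoveryIds = @($vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    ForEach-Object KeyProtectorId)

[pscustomobject]@{
    AzureAdJoined        = $state['AzureAdJoined']
    TenantName           = $state['TenantName']
    EnabledLocalAdmins   = $localAdmins -join ', '
    BitLockerProtection  = $vol.ProtectionStatus
    RecoveryProtectorIds = $recoveryIds -join ', '
} | Format-List

if (-not $localAdmins) {
    Write-Warning 'No enabled local administrator found. Complete step #1 before disconnecting.'
}
if ($vol.ProtectionStatus -eq 'On') {
    Write-Warning 'BitLocker is on. Confirm your backed-up recovery key matches one of the protector IDs listed above.'
}
```

Compare each listed protector ID with the key ID shown on your saved recovery key; a key stored only with the organization you are leaving may not be available to you afterwards.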

#3. Disconnect from Azure AD

Once you have confirmed that you have a copy of your data, and access to a local administrator account, you can disconnect from Azure AD:

  • Navigate back to Settings > Accounts > Family & other users
  • Click Access work or school in the navigation sidebar
  • Identify the Azure AD tenant you wish to disconnect from and click the Disconnect button next to it (if it is greyed out, you may need to contact your IT department)
  • When asked "Are you sure you want to remove this account?", press Yes
  • You will again be asked to confirm whether to Disconnect from the organization. Press Disconnect to confirm
  • Enter the login details for your local administrator account to confirm that you will have access
  • Click Restart now to restart and complete the process

#4. Tidy up

If the old user profile directory for your AD account is still present in the C:\Users directory, it can be deleted. You may also wish to confirm with your IT department that the device has successfully been removed from their Azure AD admin portal and remote management tools.
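To find what is left to tidy up after the restart, the following added example (not part of the original tutorial) confirms the join state and lists profiles that belonged to Azure AD accounts, identified by the `S-1-12-1-` SID prefix that Azure AD user SIDs carry. It reports only and deletes nothing.

```powershell
#Requires -RunAsAdministrator
# Added example: post-disconnect report of join state and leftover profiles.

# Join state after the restart; expect NO once the disconnect has completed.
$joined = 'unknown'
foreach ($line in (dsregcmd.exe /status)) {
    if ($line -match '^\s*AzureAdJoined\s*:\s*(\S+)') { $joined = $Matches[1] }
}
"AzureAdJoined: $joined"

# Registered user profiles, excluding system profiles.
$profiles = @(Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special })

# Profiles whose owner was an Azure AD account (SID starts with S-1-12-1-).
# Local accounts use S-1-5-21-... and are left out of this list.
$profiles | Where-Object { $_.SID -like 'S-1-12-1-*' } | ForEach-Object {
    [pscustomobject]@{
        SID          = $_.SID
        LocalPath    = $_.LocalPath
        FolderExists = [bool]($_.LocalPath -and (Test-Path -LiteralPath $_.LocalPath))
        Loaded       = $_.Loaded       # True means the profile is still in use
        LastUseTime  = $_.LastUseTime
    }
} | Format-Table -AutoSize

# Folders under the Users directory that no registered profile points to,
# for example a directory left behind after its profile entry was removed.
$usersRoot  = Split-Path -Path $env:PUBLIC -Parent
$registered = $profiles.LocalPath
Get-ChildItem -LiteralPath $usersRoot -Directory |
    Where-Object { $_.FullName -notin $registered -and $_.Name -ne 'Public' } |
    Select-Object FullName, LastWriteTime
```

Check that a listed profile shows `Loaded` as False and that your backup from the earlier steps is complete before deleting its directory.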

Managing Azure AD users and securing their devices remotely

If you’re an IT administrator, maintaining oversight of mobile devices is critical to the security of your infrastructure and protection of your organization’s data.

NinjaOne Mobile device management (MDM) goes beyond Azure AD and Microsoft Intune, letting you deploy apps, manage security policies, and provide remote support for Windows, Apple, Android, and Linux devices. You can remotely enroll and disconnect devices, ensuring your users are secure. When a user wishes to leave, you can ensure that all access is revoked and that their devices are clean of sensitive information.
