To join an organization’s cloud-based identity infrastructure, devices are connected via the Azure Active Directory (Azure AD) Join platform. This allows connected devices to access essential productivity services like Microsoft 365, along with device management and monitoring tools such as Intune.
While this network can be useful for enterprise environments, there will be instances when a Windows 10 device needs to disconnect from Azure AD, such as when transferring ownership or leaving an organization.
In this article, we’ll explain how to disconnect your Windows 10 PC from Azure AD.
Step-by-step guide: disconnect from Azure AD
Before performing the instructions detailed below, make sure these requirements are met:
- Permission: Local administrator access on the device.
- Internet connection: The device must be connected to the internet.
- Account: Preferably sign in with a local account or admin account (not an Azure AD account that will be invalidated).
Step 1: Open Settings
Press Windows key + I on your keyboard to open the Settings app.
Step 2: Go to Accounts > Access work or school
Navigate to: Settings > Accounts > Access work or school
This section shows all organizational accounts linked to your device.
Step 3: Select Azure AD account
- Find the account labeled as Connected to <organization> Azure AD.
- Click on the entry to expand its options.
Step 4: Disconnect the account
- Click the Disconnect button. A confirmation prompt will appear:
- “Are you sure you want to remove this account?”
- Click Yes to proceed. You may be prompted for administrative authentication to continue.
Step 5: Confirm and restart
- After confirmation, Windows will sign you out and restart the device.
- Once rebooted, the device will no longer be Azure AD joined.
Want to understand the difference between Azure AD and traditional Active Directory?
→ Read NinjaOne’s comprehensive comparison
Why disconnect from Azure AD?
Here are the reasons that may require users to disconnect their Windows 10 PC from Azure AD:
- Decommissioning or repurposing a corporate device.
- Transitioning to a new identity platform (e.g., local Active Directory or workgroup).
- Resolving device registration issues or re-enrolling in Azure AD.
- Preparing the device for reassignment or resale.
Some considerations before disconnecting from Azure AD
While it can be vital in the situation mentioned above, disconnecting your Windows 10 PC from Azure AD may also cause the following implications:
- The device will be removed from Azure AD.
- The user will no longer be able to use Azure AD credentials to sign in.
- Company data, apps, and management policies may be removed.
- If managed by Intune, the device will also be unenrolled.
What happens after disconnection?
Once you disconnect from Azure AD, several configuration changes take effect immediately, such as the following:
- All Azure AD users are removed from the local machine.
- Access to corporate resources (mapped drives, email, etc.) is revoked.
- Intune or MDM policies are removed (if applicable).
- System reverts to local user accounts (if available) or prompts creation of a new account on next login.
Alternatives and related scenarios
Here are common use cases where disconnecting from Azure AD is part of a larger process:
| Scenario | Recommendation |
| The device will be rejoined to Azure AD | Disconnect, reset the PC, then rejoin Azure AD |
| The device is moving to local AD | Disconnect, then domain join to the local AD |
| The Intune-managed device is being retired | Disconnect and unenroll from Intune via Endpoint Manager |
Notes and recommendations
- Back up all important data before disconnecting to avoid accidental loss.
- Ensure that at least one local administrator account exists prior to disconnection.
- To verify the device’s current join status, run the following in Command Prompt:
- dsregcmd /status
- For bulk disconnections or enterprise offboarding, consider using Windows Autopilot Reset or performing a remote wipe through Intune.
Troubleshooting
Here are some of the most common issues one may encounter when disconnecting a Windows 10 PC from Azure AD.
| Issue | Resolution |
| The disconnect option is grayed out | Sign in using a local administrator account, not an Azure AD account |
| The device still appears in the Azure AD portal | An administrator must manually remove the device via the Azure portal |
| The device still shows in Intune | Perform a remote wipe or delete the record from Endpoint Manager |
Disconnecting a Windows 10 device from Azure AD
Disconnecting from Azure Active Directory is straightforward using the Windows 10 Settings interface. It helps ensure that corporate data, access, and policies are fully removed from the device. Disconnection from AD is a critical step in device lifecycle management, especially in hybrid or cloud-only environments.
While an easy procedure, there are important points to remember before disconnecting your Windows 10 device from Azure AD. First, always verify backup and account access before proceeding with disconnection. Admins should follow up by removing the device entry from Azure AD and any MDM systems if needed. After disconnecting, remember to remove the device from the Azure AD portal and any associated management systems like Intune to keep your environment clean and secure.
