I found you can sign up for a free 1 month trial of Windows Azure this week and was impressed with its ease of use. You have to enter a credit / debit card and be careful not to let your trial over run. The phone support was very good - I got a call back within 1 hour after I raised an issue and the support staff assured me (azured me?) that when the trial period ends Microsoft will not charge me unless I explicitly opt in to a paid scheme. If I don't opt in they said they will keep my set up / data for a period afterwards in case I want to change my mind. I also got a phone call from a sales person whom I assured that I was never going to personally pay for it, but instead would use the service to develop training material for Quanta customers. The free trial is here:
So how does it work?
After signing up and creating your account you log into the Azure web portal at https://Manage.WindowsAzure.com and you automatically have an Azure AD domain set up using a name you specify - in my case QuantaXxxx
This Azure AD automatically has your account as the 'Global Admin'
On the Windows 10 device you can then join it to the Azure AD.
(I used a test 'on-prem' virtual machine - using Windows 10 Hyper-V of course but I suppose I could have used a cloud based VM as setting those up seemed pretty easy in Azure, too)
After installing a new Windows 10 operating system the initial set up wizard prompts you join Azure AD or local Active Directory. If you choose the latter option you don't immediately join a local Active Directory domain or Azure AD but use a local administrator account to later join either service.
I choose the option to join a local domain, to get past the set up wizard and joined Azure AD later in the 'Settings' of the device.
You then enter the name of your Azure AD such as QuantaXxxx.onMicrosoft.com - the automatically assigned name from the initial Azure set up.
It is also possible for a local Administrator to use Settings to join their local user account ( but not the device in general) to Azure AD in 'Work access' in Settings \ accounts \ Work access as shown below:
From the Azure web portal you can then create user accounts.
The password is set by Azure to prevent daft passwords but they are not too long - e.g. Buvz1234.
The accounts can then be managed as you might expect - added to groups you create, password reset etc.
On an Azure joined device the accounts can then be used to sign in using the User name such as Martin@QuantaXxx.onMicrosoft.com.
So why use Azure AD? One reason is to deploy Apps to users. Having joined the device and created the user and group accounts in azure AD, you can then choose readymade Apps or develop Apps to deliver to users by the group that they are in.