Notes on This Section

Azure Portal -> Azure Active Directory -> Devices, or

Azure Portal -> Azure Active Directory -> Users -> (click a user) -> Devices

There isn’t a lot you can do on this screen: Disable or delete it, or the properties of the device is where you can find the Device ID if you need it. 

BitLocker Key IDs are also shown in the device properties. 

The list of Devices joined to Azure AD can be filtered and then downloaded as a list.

On the Devices screen, click Device Settings on the sidebar.

As you can see in the above image, the Device settings screen will show.

This is where you can manage which users can join devices to Azure AD, and whether Multi-Factor Authentication is turned on. 

NOTE: The MFA requirement here doesn’t apply to hybrid-joined machines. 

It also doesn’t apply to Azure AD-joined VMs in Azure, and Azure AD-Joined devices using Windows Autopilot self-deployment.

Also, additional users can be added to the Local Administrators group of any AAD-joined computer. They can be added here too.