Specify preferred Azure AD Domain with Intune

Today a short blog about a new setting that will be introduced in the next major release of Windows 10 (version 1809 or 1810), which is in preview at the moment of writing. This setting lets you specify the preferred Azure AD domain using a new Policy CSP setting under Authentication: PreferredAadTenantDomainName.
For example, if you use inthecloud247.com as your tenant domain name, you can set this domain as the preferred domain. After that, user Peter only needs to type “peter” to sign in to a device instead of peter@inthecloud247.com.

Configuring the Intune policy

The information we need for the Intune policy can be found in the Policy CSP documentation. PreferredAadTenantDomainName is a new setting under the Policy CSP node Authentication. As you can read, the scope is device and the value type is string. With that information we can set up the Intune policy.

  1. Open the Azure Device Management Portal and click on Device Configuration > Profiles;
  2. On the Profiles tab click Create Profile and provide the required information;
    Name: Provide the preferred name of the policy
    Description: Provide a description (Optional)
    Platform: Windows 10 and later
    Profile type: Custom
  3. On the Custom OMA-URI Settings tab click Add to open the Add Row tab. On the Add Row tab provide the following information and click OK;
    Name: Provide the preferred name of the row
    Description: Provide a description (Optional)
    OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Authentication/PreferredAadTenantDomainName
    Data type: String
    Value: Your preferred domain name (without quotes etc.)

[Screenshot: Intune policy]

[Screenshot: Add row]
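
The same profile can also be expressed as a Microsoft Graph request body. The PowerShell below is an added example, not part of the original post; the Graph route, the function name `New-PreferredAadDomainProfileBody` and the profile display name are assumptions, and the domain is the sample value used above.

```powershell
# Added example: builds the Microsoft Graph request body for the custom profile
# described in steps 1-3. Function name and display name are hypothetical.
function New-PreferredAadDomainProfileBody {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [string]$DisplayName = 'Preferred Azure AD domain'   # sample name
    )

    # The value must be the bare domain: no quotes, no user part, no whitespace.
    $clean = $DomainName.Trim()
    if ($clean -match '["''@\s]') {
        throw "Value '$DomainName' must be a bare domain name (no quotes, '@' or spaces)."
    }
    # Basic DNS name check: dot-separated labels of letters, digits and hyphens.
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    if ($clean -notmatch "^($label\.)+$label$") {
        throw "Value '$DomainName' is not a valid DNS domain name."
    }

    # Same fields as the portal: one string OMA-URI row inside a custom profile.
    $body = [ordered]@{
        '@odata.type' = '#microsoft.graph.windows10CustomConfiguration'
        displayName   = $DisplayName
        description   = 'Sets Authentication/PreferredAadTenantDomainName'
        omaSettings   = @(
            [ordered]@{
                '@odata.type' = '#microsoft.graph.omaSettingString'
                displayName   = 'PreferredAadTenantDomainName'
                omaUri        = './Device/Vendor/MSFT/Policy/Config/Authentication/PreferredAadTenantDomainName'
                value         = $clean
            }
        )
    }
    $body | ConvertTo-Json -Depth 5
}

$json = New-PreferredAadDomainProfileBody -DomainName 'inthecloud247.com'
$json   # review the payload before sending it

# To create the profile (requires the Microsoft.Graph.Authentication module and
# the DeviceManagementConfiguration.ReadWrite.All permission), uncomment:
# Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'
# Invoke-MgGraphRequest -Method POST -Body $json -ContentType 'application/json' `
#     -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations'
```

The profile created this way still has to be assigned to a device group before it reaches any device.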


Now let's have a look at the user experience. Switch over to one of your Windows 10 devices (which runs the Windows 10 1810 preview) and perform a manual MDM sync. When the sync is finished, restart your device. On the sign-in screen you now see Sign in to: followed by the domain you set as the preferred Azure AD domain. Users can now sign in to the device using only the user name, without adding the domain name.

[Screenshot: User logon screen]


  1. This was so helpful! I searched and searched the internet for this setting and I am so thankful I stumbled across your post. Thank you!

  2. There is a MUCH easier way to do this under Device Restrictions –> Password that I recommend using instead. Less of a headache and can be easily undone, unlike this.

    • If only you could have provided a link or something to help the next person coming along.
