Today a short blog about a new setting that will be introduced in the next major release of Windows 10 (version 1809 or 1810), which is in preview at the time of writing. This setting lets you specify the preferred Azure AD domain through a new Policy CSP setting under Authentication: PreferredAadTenantDomainName.
For example, if you use inthecloud247.com as your tenant domain name, you can set this domain as the preferred domain. After setting the preferred domain, user Peter only needs to enter “peter” to sign in to a device instead of peter@inthecloud247.com.
Configuring the Intune policy
The information we need to set in an Intune policy can be found here. PreferredAadTenantDomainName is a new setting under the Policy CSP node Authentication. As you can read, the scope is device and the value type is string. We now have the information we need to set up the Intune policy, so we can continue with the configuration.
- Open the Azure Device Management Portal and click on Device Configuration – Profiles;
- On the Profiles tab click Create Profile and provide the required information;
Name: Provide the preferred name of the policy
Description: Provide a description (Optional)
Platform: Windows 10 and later
Profile type: Custom
- On the Custom OMA-URI Settings tab click Add to open the Add Row tab. On the Add Row tab provide the following information and click OK;
Name: Provide the preferred name of the row
Description: Provide a description (Optional)
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Authentication/PreferredAadTenantDomainName
Data type: String
Value: your preferred domain name (without quotes etc)
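
The same profile can also be expressed as a Microsoft Graph request body: a `windows10CustomConfiguration` with one `omaSettingString` row. The Python below is an added example, not code from the original post; it builds that body and rejects values that are not a bare domain name ("without quotes etc"). The function names and the validation rules are assumptions of this example, and sending the body to Graph is left out.

```python
import json
import re

# OMA-URI taken from the steps above; everything else here is illustrative.
OMA_URI = "./Device/Vendor/MSFT/Policy/Config/Authentication/PreferredAadTenantDomainName"

# One DNS label: 1-63 letters, digits or hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_domain(value):
    """Return the domain unchanged if it is a bare DNS name, else raise ValueError."""
    if value != value.strip() or any(ch in value for ch in "\"'`"):
        raise ValueError("value must be the bare domain, without quotes or padding")
    if "@" in value:
        raise ValueError("value must be the domain only, not a full sign-in name")
    labels = value.split(".")
    if len(value) > 253 or len(labels) < 2:
        raise ValueError("value must be a fully qualified domain name")
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise ValueError(f"invalid DNS label: {label!r}")
    return value


def build_profile(name, domain, description=""):
    """Build the Graph request body for a custom profile with one string OMA-URI row."""
    return {
        "@odata.type": "#microsoft.graph.windows10CustomConfiguration",
        "displayName": name,
        "description": description,
        "omaSettings": [
            {
                "@odata.type": "#microsoft.graph.omaSettingString",
                "displayName": "PreferredAadTenantDomainName",
                "omaUri": OMA_URI,
                "value": validate_domain(domain),  # device scope, data type String
            }
        ],
    }


if __name__ == "__main__":
    # Constructed sample input: the tenant domain used as the example in this post.
    body = build_profile("Preferred Azure AD domain", "inthecloud247.com")
    print(json.dumps(body, indent=2))
```
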
User-experience
Now let's have a look at the user experience. Switch over to one of your Windows 10 devices (running the Windows 10 1810 preview) and perform a manual MDM sync. When the sync is finished, restart the device. On the sign-in screen you now see Sign in to: followed by the domain you set as the preferred Azure AD domain. Users can now sign in to the device using only the user name, without adding the domain name.
3 Comments
This was so helpful! I searched and searched the internet for this setting and I am so thankful I stumbled across your post. Thank you!
There is a MUCH easier way to do this under Device Restrictions –> Password that I recommend using instead. Less of a headache and can be easily undone, unlike this.
If only you could have provided a link or something to help the next person coming along.