As you know, with Windows 10 you can join your device to Azure Active Directory and then sign in with your user principal name (UPN), which is usually also your email address.
In the past (aka when the device was Active Directory domain joined), end users were used to entering their username in the ‘short name’ format (aka SAMAccountName) to open their Windows session.
The ‘switch’ from the SAMAccountName to the UPN format was/is not always easy.
Well, good news! You can now define the default (or preferred) Azure AD tenant domain to use when signing in to a Windows 10 Azure AD joined device, making things easier as end users will be able to continue to enter ‘just’ their short username.
Of course, they can still use the UPN format if they prefer.
To configure the preferred domain, log on to your Azure portal (https://portal.azure.com) or Device Management portal (https://devicemanagement.microsoft.com) and go to the Intune\Device Configuration\Profiles blade.
Then create or edit the Device restriction profile and set the Password\Preferred Azure AD tenant domain field to the domain matching the domain part of the UPN.
Once the policy is applied to your Intune-managed Windows 10 devices, this domain is used as the default and your end users just have to enter their ‘short’ username.
NOTE: this also changes the domain used when you connect to remote devices with the Remote Desktop client; this matters if you need to log on with a local account (for example when logging on to a standalone/workgroup server).
Hello – In our case the SAMAccountName is different from the email address. Will this be helpful?
It can help even if the SAMAccountName is different from the email address; in this case your users will have to enter the first part of their email address (aka firstname.lastname for example) instead of the SAMAccountName.
The idea with this setting is to ‘reduce’ what the user needs to enter