Intune – You can define the default domain to use for authentication

As you know, with Windows 10 you can join your device to Azure Active Directory and then use your user principal name (UPN) – which usually is also your email address.

In the past (aka when the device was Active Directory domain joined), end-users were used to enter their username using the ‘short name’ (aka SAMAccountName) to open their Windows session.

The ‘switch’ from the SAMAccountName to the UPN format was/is not always easy.

Well, good news! You can now define the default (or preferred) Azure AD tenant domain to use when signing on a Windows 10 AAD Joined, making things easier as end-users will be able to continue to enter ‘just’ their short username.

Off course, they can still continue/change to use the UPN format.

To configure the preferred domain, logon to your Azure portal (https://portal.azure.com) or Device Management portal (https://devicemanagement.microsoft.com) and reach out the Intune\Device Configuration\Profiles blade

image  image

Then create or edit the Device restriction profile and configure the Password\Preferred Azure AD tenant domain field with the domain matching the domain part of the UPN

image

Once the policy is applied to your Intune Windows 10 devices, this domain will define as the one to use and your end-users just have to enter their ‘short’ username

image

NOTE this will also impact the domain used if you use Remote Desktop client to connect to remote devices; this has his importance if you need to logon using some local account (for example when logging on standalone/workgroup server)

2 thoughts on “Intune – You can define the default domain to use for authentication”

    1. It can help even if the SAMAccountname is different from the email address, in this case your users will have to enter the first part of their email address (aka firstname.lastname for example) instead of the SAMAccountname
      The idea with this setting is to ‘reduce’ what the user needs to enter

Leave a Comment

Your email address will not be published. Required fields are marked *