Simple Sign-In for AAD Joined Devices

We’ve had a couple of clients with AAD joined desktops looking to simplify the user logon experience. Windows Hello plays its part, but users working in organisations using traditional Usernames and Passwords – especially those with unreasonably long tenant aliases – the logon process can be a pain.

I’ve seen clients with tenant suffixes along the lines of ““, which users understandably get sick of typing! Thankfully, this can be very quickly resolved with InTune by specifying a Preferred Azure AD Tenant Domain.

1) Create a Device Configuration Profile and use the Template option

No alt text provided for this image

2) Select Device Restrictions, and in the Password section, specify your preferred Azure AD tenant domain.

No alt text provided for this image

3) Assign this new profile to All Devices (or a specific group of devices if you would like to test it first!)

No alt text provided for this image

4) After a policy refresh you will see that at logon, device defaults to the specified suffix, and users will no longer need to type their full email address

No alt text provided for this image

5) If you want or need to sign into a different tenant, you can do this by specifying the account with suffix.

No alt text provided for this image

That’s it!

I hope somebody finds this tip useful, please let me know if so! 🙂