We’ve had a couple of clients with AAD joined desktops looking to simplify the user logon experience. Windows Hello plays its part, but users working in organisations using traditional Usernames and Passwords – especially those with unreasonably long tenant aliases – the logon process can be a pain.
I’ve seen clients with tenant suffixes along the lines of “CMBWSInternationalBankingOrganisation.com“, which users understandably get sick of typing! Thankfully, this can be very quickly resolved with InTune by specifying a Preferred Azure AD Tenant Domain.
1) Create a Device Configuration Profile and use the Template option
2) Select Device Restrictions, and in the Password section, specify your preferred Azure AD tenant domain.
3) Assign this new profile to All Devices (or a specific group of devices if you would like to test it first!)
4) After a policy refresh you will see that at logon, device defaults to the specified suffix, and users will no longer need to type their full email address
5) If you want or need to sign into a different tenant, you can do this by specifying the account with suffix.
I hope somebody finds this tip useful, please let me know if so! 🙂