Intune – You can define the default domain to use for authentication

As you know, with Windows 10 you can join your device to Azure Active Directory and then use your user principal name (UPN) – which usually is also your email address.

In the past (i.e. when the device was Active Directory domain joined), end users were used to entering their username in the ‘short name’ format (aka SAMAccountName) to open their Windows session.

The ‘switch’ from the SAMAccountName to the UPN format was/is not always easy.

Well, good news! You can now define the default (or preferred) Azure AD tenant domain to use when signing in to an Azure AD joined Windows 10 device, making things easier, as end users will be able to continue to enter ‘just’ their short username.

Of course, they can still continue to use (or change to) the UPN format.

To configure the preferred domain, log on to your Azure portal or Device Management portal and go to the Intune\Device Configuration\Profiles blade.


Then create or edit the Device restriction profile and set the Password\Preferred Azure AD tenant domain field to the domain that matches the domain part of the UPN.


Once the policy is applied to your Intune Windows 10 devices, this domain will be defined as the one to use, and your end users just have to enter their ‘short’ username.


NOTE: this will also impact the domain used when you connect to remote devices with the Remote Desktop client; this matters if you need to log on with a local account (for example when logging on to a standalone/workgroup server).
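To confirm on a device that the policy has landed, and to see which typed user names it affects, the following check can be run in PowerShell. It is an added example, not part of the original post; it assumes the setting is delivered as the Policy CSP node Authentication/PreferredAadTenantDomainName and mirrored under the PolicyManager registry key shown, and the domain `contoso.example`, the sample user names and the simplified resolution model are placeholders.

```powershell
# Added example. Assumptions: registry location of the applied policy, the
# placeholder domain, and the simplified name-resolution model below.
param(
    [string]$ExpectedDomain = 'contoso.example'   # placeholder: your UPN suffix
)

$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Authentication'
$PolicyName = 'PreferredAadTenantDomainName'

function Get-PreferredAadDomain {
    # Returns the configured domain, or $null when the policy is not applied.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$PolicyName
}

function Resolve-TypedUserName {
    # Simplified model of how a typed name is interpreted at the sign-in or RDP prompt.
    param([string]$Typed, [string]$PreferredDomain)
    if ($Typed -match '@')  { return "$Typed (UPN, used as typed)" }
    if ($Typed -match '\\') { return "$Typed (explicit domain or local machine, used as typed)" }
    if ($PreferredDomain)   { return "$Typed@$PreferredDomain (preferred domain appended)" }
    return "$Typed (no preferred domain configured)"
}

$domain = Get-PreferredAadDomain
if ($null -eq $domain) {
    Write-Warning "Policy $PolicyName not found; has the device synced with Intune?"
} elseif ($domain -ne $ExpectedDomain) {
    Write-Warning "Preferred domain is '$domain', expected '$ExpectedDomain'."
} else {
    Write-Output "Preferred Azure AD tenant domain is '$domain'."
}

# Constructed sample inputs: short name, UPN, and a local account written as .\name
foreach ($typed in 'jdoe', "jdoe@$ExpectedDomain", '.\localadmin') {
    Resolve-TypedUserName -Typed $typed -PreferredDomain $domain
}
```

Only the bare short name picks up the preferred domain in this model, which is why a local account on a standalone server should be entered with an explicit prefix such as `.\` when connecting over Remote Desktop.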

Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years. Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.