Thanks for announcing this exciting news Lior_Bela!
We have customers who want to federate domains from Entra ID to a third-party IdP.
https://learn.microsoft.com/en-us/education/windows/federated-sign-in?tabs=intune#configure-federated-sign-in-for-student-assigned-11-devices
Therefore, there are specific enrollment requirements for Entra ID joined devices:
If you have a SAML 2.0 IdP, it's recommended to complete the Microsoft Entra join process using one of the following methods:
- Provisioning packages (PPKG)
- Windows Autopilot self-deploying mode
With Windows Autopilot self-deploying mode, which was considered for shared devices, we have no inbuilt possibility to grant local admin permissions to the device-assigned user. As a forecast, maybe you can inform me about a planned config release regarding this need?
And as IndiaYankee wrote, we also registered some issues with the AAD self-deployed enrollment process (TPM evaluation).
IndiaYankee it seems to be a known issue: https://learn.microsoft.com/en-us/autopilot/known-issues#tpm-attestation-failure-with-error-code-0x81039001 (TPM attestation failure with error code 0x81039001)
Thanks