Azure AD Join
4 Topics

How to switch from a local user account/profile, to using an Azure AD connected account/profile?
We have a few Surface Pro devices that have users logging into Windows 10 Pro using a local user account. We have since migrated to Microsoft 365 Business, so I would like these users to start logging in using their M365 Azure AD account, so that they can self-service their login password and MFA method, as well as allowing me to better manage their device through Intune. How do I switch the user over to an Azure AD login account and Windows profile?
141K Views, 2 likes, 13 Comments

Inability to delete Autopilot devices leads to endless supply of never cleaned up devices in AAD
I realize that the ability to delete Autopilot-enabled devices in Azure AD is by design, but I think I might be missing something. In Microsoft Store for Business, or in Endpoint Manager under Devices > Enroll Devices > Windows Autopilot Devices, I have my true list of unique hardware devices that are registered for Autopilot. I don't want to delete any of these that are not actually decommissioned. The problem I'm seeing is with either regular Autopilot or Hybrid Autopilot: since/when devices are getting named with random characters (which for Hybrid Autopilot cannot be changed), I end up with orphaned AAD devices that cannot be deleted from anywhere. I haven't tested, but I believe with regular Autopilot, I could take advantage of the ability to always set the same device name. If so, then this issue I'm reporting is only a thing for Hybrid Autopilot. Is there any solution to delete old copies of the same machine? For example, I've reset the device, now it has two instances in AAD which cannot be deleted, but still just one instance in the MS Business Store or under Autopilot Devices in Endpoint Manager. If I again reset the device down the road, I'll have 3, and so on. Any suggestions/clues? Thanks in advance.
5.1K Views, 0 likes, 2 Comments

Join and manage Windows 10 device in different tenant than home tenant
Hi, A customer who owns an International Enterprise has multiple regional AD forest domains syncing to one Azure AD tenant/O365. He now has a special request. The customer would like to join the Windows 10 devices to Azure AD, but to a different tenant than the home tenant, where all users are synced towards. Is this a possible scenario, where Autopilot or self registration (no hybrid join) can join another Azure AD domain than the current tenant where O365 has been configured for all users? The customer in this case would like to separate device management from the existing tenant.
9.5K Views, 0 likes, 7 Comments

Azure AD Join SSO
Hello, We are using AuthenticationBroker (in a UWP app) to do SSO (IDP is Azure AD), and it is working fine if conditional access is not turned on with "Require Domain Joined Device". But when it is turned on, it will fail with an error message saying the device is not recognized, even though the device is Azure AD joined. We tried IE and Edge; it is working fine there. We've also tried using WebView to do SSO; it is the same behavior. My question is: how do we authenticate a user in UWP using SSO (Azure AD Join)? Thanks, George
865 Views, 0 likes, 0 Comments