
4 Replies

  • Yes, you can configure Endpoint Management using only the built-in Azure AD.

    The official domain login for each user becomes AzureAD\UserName.

    Best way is to set up a test laptop and run it through the paces.  It helps because sometimes you can run into a snag if you don't understand one of the OOBE configuration options fully.

  • Collin8612 wrote:

    Yes, you can configure Endpoint Management using only the built-in Azure AD.

    The official domain login for each user becomes AzureAD\UserName.

    Best way is to set up a test laptop and run it through the paces.  It helps because sometimes you can run into a snag if you don't understand one of the OOBE configuration options fully.

    You can get some endpoint management with Intune, yes, but can you use Windows Hello for Business using only AAD/Intune?  The AAD environment is already standing and we've had a few test machines joined to it, but we have a specific requirement to have MFA to get to the desktop that WHfB can supposedly fulfil, but I'm finding the documentation about setting that up lacking. 

  • After looking a few other places, I'm getting more sources saying that you can, but I still haven't seen any instruction on how to do this without an on-prem setup to back it :( I'm going to play around with the options for it in Intune and see if I can make it work, but I unfortunately don't have a GCC High test environment so I'll have to do the config on the live environment and see how it goes. If it works, I'll try to remember to post my steps here. 

  • Well, I'm a bit confused because Windows Hello through Intune (Endpoint Manager) works very well without an on-prem Active Directory server. Come to think of it, I haven't tried to do it with an on-prem server. Also, I'm sorry I was confusing Windows Hello and Windows Hello for Business.

    So, I read up the basic tech docs:

    https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overv...

    https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-i...

    You are probably already ahead of me there. What I'm reading, though, is that you can set up WHfB through MDM policy. It's accessed through Endpoint Manager > Home > Device Enrollment > Windows Hello for Business.

    Of course, the devices need to be added to your managed devices through Autopilot.

