This is going to be a short blogpost on the updated experience on what it looks like for a user doing a out of the box Azure AD Join in the Anniversary Edition of Windows 10. There is a few and cool new things giving the user a much better experience.
One thing to notice is that Convenience Pin is disabled by default for Domain Joined or Azure AD Joined machines. Read on to learn how this affects the users.
I am having automatic enrollment Intune and I have setup a upgrade policy for upgrade to Enterprise Edition. I have setup integration with Windows Store for Business and deployed the Company Portal app from there. I also have Passport for Work, or Windows Hello for Business enabled through policies in Intune and are using Enterprise Roaming of user settings through Azure AD.
To be able to see this option you need to have Windows 10 Pro on your device. As you can see already here it explains better to the user what is going on. Windows is telling the user that the PC will be setup either as the Company’s PC or as a private PC.
Before marking your choice there is not much for the user to understand what is what here.
This is still a page where the user can get confused. A lot of normal users does not know the difference between Azure Active Directory and a local AD Domain. But just tell your users to choose Join AAD and they should be good to go.
Because I do have Multi-Factor Authentication required to join devices to Azure AD, I need to answer the challence on my phone to be able to continue. My user is already setup, but if not the user will here be prompted to provide the required information for MFA to work.
As before,, this can take some time to complete, but it “feels faster” 🙂
Now it is time to setup my PIN. This is also as before. Or is it?
This took some time to complete earlier, because we are actually setting up Windows Hello for Business (Passport for Work) it need to verify that you are in compliance with the policies.
Now, instead of you having to wait for this background processing to complete Windows 10 now allows you to move on to the desktop really quick and you can start to work.
The only reason the user is asked to set up a Pin is that I have enabled Windows Hello for Business (Passport for Work) in Intune Policies. If I disable that policy you will not be asked and the option to set a Pin is removed. (Grayed out in settings)
So what else happens in the background?
- My user settings have been pulled down from Azure AD giving me my preferred Windows 10 background picture.
- The PC has been upgraded to Windows 10 Enterprise without any user action or reboot. This is really cool.
- The Company Portal app has been pulled down from the Windows Store for Business and are ready for use. See earlier blogpost on this if interrested.
I hope you liked my little update on the user experience during OOBE for Azure AD Join on the Aniversary Edition of Windows 10.