In this post, I will walk through the Windows 10 1703 (RS2) Azure AD join and automatic MDM (Intune) enrollment experience. The video tutorial above shows the real-time experience of Windows 10 1703 Azure AD join and Intune auto enrollment. Windows 10 1703 is the latest production build of Windows 10, also called the Redstone 2 (RS2) release. The Windows team has done great work to improve the Out Of Box Experience (OOBE) of Windows 10 1703. I have a previous post that explains the AADJ and MDM auto enrollment process in depth: “How to Join Windows 10 1607 Machines to Domain or Azure AD”.
“Sign in with Microsoft School or Work account” is the first screen you will get in the Windows 10 1703 Azure AD join OOBE. A note on the same screen helps users select the account they want to use: “Sign in with the username and password you use with Office 365 or business services from Microsoft”. Yes, this is a generic kind of message. I think it would be more helpful if Microsoft told the user to use his/her corporate account rather than using technical terms like Office 365 and business services from Microsoft.
Windows 10 1703 OOBE Experience
The Windows 10 1703 OOBE screen gives the user an option to choose a traditional domain join instead. It also gives the user an option to create a local user account and log in with that account. The Windows 10 1703 OOBE experience is improved a lot. It asks the user to connect to a Wi-Fi network, and it allows the user to connect to web-based authenticated Wi-Fi routers (Not all? Need to test this further). Once connected to the internet, it checks for the latest available software updates and installs them.
Windows 10 1703 Azure AD Join Experience
Windows 10 1703 Azure AD join is an almost fully automated process once the user enters their user name and password in the OOBE screen mentioned above. User input is required on one particular screen: the privacy settings screen. Once the user is done with the Windows 10 1703 privacy settings, the device is automatically logged in with that user name and password. Is it a kind of new SSO for Windows 10 1703 Azure AD join? You can confirm the AAD join from the Settings – Accounts section in Windows 10 1703.
Windows 10 MDM Intune Auto Enrollment Experience
Once the Windows device is Azure AD joined, it should automatically get enrolled into Intune management. To get this experience, the MDM auto enrollment option must be enabled in your Azure AD. In my experience with Windows 10 1703, I got the encryption policy popup from the Intune compliance policy within a few minutes of the first login to the device. The user can also check the Intune enrollment from the School or Work Account section in the Windows 10 settings menu. The GUI of the Windows 10 MDM stack has changed with respect to School or Work account settings. There is no Manage tab on the work account that was added to the device. Don't worry about that, because it is a new design for Windows 10 1703. The Windows 10 work/school account setting has only two tabs: Info and Disconnect.
How do you manually sync or check for new Intune policies on a Windows 10 1703 device? Click Settings – Accounts – Access Work or School Account – Info – Sync. This initiates an immediate policy sync with the Intune services in the cloud. In turn, the user's Windows 10 device will receive the latest policies from Intune.
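A command-line check for the two states described above (the Azure AD join, and whether the tenant offers MDM auto enrollment), as an added example that is not part of the original post. It parses `dsregcmd /status` output; the field names AzureAdJoined, DomainJoined, TenantName and MdmUrl are assumed from that tool's output and may differ between builds, the function names are hypothetical, and the sample text is constructed.

```powershell
# Added example: turn "dsregcmd /status" text into a lookup table.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}   # PowerShell hashtable literals are case-insensitive on keys
    foreach ($line in $Lines) {
        # Data lines look like "   AzureAdJoined : YES"; banner and rule lines are skipped.
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9]*)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-JoinSummary {
    param([hashtable]$State)
    [pscustomobject]@{
        AzureAdJoined    = ($State['AzureAdJoined'] -eq 'YES')
        DomainJoined     = ($State['DomainJoined'] -eq 'YES')
        TenantName       = $State['TenantName']
        # Assumption: a populated MdmUrl means the tenant advertises an MDM
        # enrollment endpoint, i.e. MDM auto enrollment is enabled in Azure AD.
        MdmUrlAdvertised = -not [string]::IsNullOrWhiteSpace($State['MdmUrl'])
    }
}

# Constructed sample output (not captured from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
        AzureAdJoined : YES
     EnterpriseJoined : NO
         DomainJoined : NO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
           TenantName : Contoso (constructed)
               MdmUrl : https://mdm.example.invalid/enroll
'@ -split "`r?`n"

# On a Windows 10 device use the live output; elsewhere fall back to the sample.
$lines = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { dsregcmd.exe /status } else { $sample }
Get-JoinSummary (ConvertFrom-DsregStatus $lines)
```

A populated MdmUrl shows only that an enrollment endpoint is advertised; the Info page under Access Work or School Account remains the place to confirm that the device is actually enrolled.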