You know, sometimes the simplest solutions require a bit of digging under the hood. When it comes to setting up Windows Hello for Business, especially if you're steering clear of the usual Configuration Manager or Intune UI, you might find yourself staring at an OMA-URI setting and wondering, "What exactly goes in this 'Tenant ID' field?"
It's a common question, and thankfully, the answer isn't as mysterious as it might seem. The magic happens through the PassportForWork Configuration Service Provider (CSP). This is the mechanism that allows you to provision Windows Hello for Business, and it's where that OMA-URI comes into play.
The specific OMA-URI you'll be working with is: ./Vendor/MSFT/PassportForWork/Tenantid. Now, the crucial part, and where many get a little turned around, is what to put after Tenantid. It's not your Intune Tenant ID, but rather your Azure Active Directory (Azure AD) Tenant ID. Think of it as the unique identifier for your organization's identity management in the cloud.
If you're not sure how to find your Azure AD Tenant ID, a quick PowerShell command can sort you out. I recall seeing a helpful guide on the Hey Scripting Guy blog that walks you through it – it’s a handy trick to have in your toolkit.
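One way to look the ID up and sanity-check it before it goes into a profile, shown here as an added example and not the command from the guide mentioned above. The domain contoso.example is a constructed placeholder, the function names are hypothetical, and the Policies/UsePassportForWork node comes from the PassportForWork CSP reference rather than from this page.

```powershell
# Added example; 'contoso.example' is a constructed placeholder domain.
param([string]$Domain = 'contoso.example')

function Get-AadTenantId {
    param([Parameter(Mandatory)][string]$Domain)

    # The tenant's public OpenID Connect discovery document embeds the tenant
    # GUID in its endpoint URLs; reading it needs no sign-in.
    $uri  = "https://login.microsoftonline.com/$Domain/.well-known/openid-configuration"
    $meta = Invoke-RestMethod -Uri $uri -Method Get -ErrorAction Stop

    # token_endpoint has the form https://login.microsoftonline.com/<guid>/oauth2/token
    $segment = ([uri]$meta.token_endpoint).Segments[1].TrimEnd('/')

    # Refuse anything that is not a well-formed GUID, so a typo or an
    # unexpected response never ends up inside a device policy path.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($segment, [ref]$guid)) {
        throw "No tenant GUID found in token_endpoint for '$Domain'."
    }
    $guid.ToString()
}

function Get-DeviceTenantId {
    # dsregcmd /status reports the tenant this device is joined to, if any.
    $m = dsregcmd.exe /status |
        Select-String -Pattern '^\s*TenantId\s*:\s*([0-9a-fA-F-]{36})\s*$' |
        Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value.ToLower() } else { $null }
}

$tenantId = Get-AadTenantId -Domain $Domain
$deviceId = Get-DeviceTenantId

if ($null -eq $deviceId) {
    Write-Warning 'This device reports no TenantId (not Azure AD joined or registered).'
} elseif ($deviceId -ne $tenantId) {
    Write-Warning "Device is joined to $deviceId, but $Domain resolves to $tenantId."
}

# The tenant GUID fills the tenant ID position in the PassportForWork path.
[pscustomobject]@{
    Domain         = $Domain
    TenantId       = $tenantId
    DeviceTenantId = $deviceId
    OmaUri         = "./Vendor/MSFT/PassportForWork/$tenantId/Policies/UsePassportForWork"
}
```

A mismatch warning on a test device is worth resolving before rollout, since it means the profile would carry a different tenant's GUID than the one the device is joined to.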
One important note, and this is something to really keep in mind, especially if you're using Intune: if you have an Intune subscription, make sure that Windows Hello for Business is set to 'Not configured' within the Intune UI. If it's configured there, your custom OMA-URI settings might just decide to take a holiday and not work as expected. This applies whether you're in a hybrid setup or a purely Intune standalone environment. It’s one of those little quirks that can save you a lot of head-scratching.
So, while the documentation might be there, sometimes a little clarification on where to point your configurations makes all the difference. It’s about making these powerful tools accessible, even when you’re working with the more granular settings.
