configuring windows hello autopilot
Need ability to disable Windows Hello requirement during enrollment via AutoPilot. Currently, this is available if using Intune. After working with support, they explained this capability is made available to 3rd party MDM's but they must have this capability baked into their solution. Since 3rd party MDM enrollment is not completed until after completed the OOBE setup, this will prove difficult for most MDM providers. This should be configurable in the Autopilot enrollment policy or configurable via Azure AD. This is currently preventing us from adopting Autopilot.
Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to policies the management service provider expects to provision, delimited by the character L"\xF000" (the CSPLISTDELIMITER).
So you would want to make sure your MDM provider implemented the commands in the ‘firstsyncstatus’ category and also make sure they are targeting the device record as AAD would not yet have an AAD user token during OOBE