Bring the web-sign-in feature to GA, it works for us
We’re successfully testing Intune device enrollment for Windows 10 with our Shibboleth IdP federated tenant. We’re using cloud only enrollment manager accounts and applying a web-sign-in policy when enrolling the machines. The end user does the web-sign-in but then has the option to enroll in Windows Hello and use a PIN going forward so it can be a sort of bootstrap procedure for them.
Tommy Doan commented
This functionality is of particular interest to the higher education community, many of which use a SAML IdP for SSO!
We would like to roll that out to our windows devices to leverage our MFA over Modern auth - we have about 3000 machines.