If you are working with MEM/Intune, you probably know that the common query (Get-CimInstance –ClassName Win32_ComputerSystem | Select-Object -expand UserName) used to identify logged-on user returns nothing if your user comes from Azure AD.
To find it, you’ll have to dig a bit in the registry:
Every logged-on users create a temporary “Volatile Environment” subkey in HKCU. If your user comes from Azure AD the domain name is always called “AzureAD”! That’s simple as that!.. As a bonus, the script will also detect current user in Windows Sandbox context (same problem as for Azure AD users) and will retrieve UPN when present. The script works with Admin or system account.
To make things easy to use, I’ve packed the logic into a Powershell script that you can grab from here.