Forum Discussion
Azure AD Join and Windows 10/Outlook 2016 and EXO conditional Access
Hi,
We have recently enforced Exchange Online (EXO) conditional access for Outlook 2016 clients on Windows machines (that use Modern Authentication) to allow access only to Azure AD Joined devices.
After this change, a few users have reported issues connecting Outlook. On the machines where Outlook has connection issues, we have seen the below event recorded in the event log: Application & Service Logs -> Microsoft-Windows-User Device Registration/Admin.
"This Device is joined to Azure AD, however, the user did not sign-in with an Azure AD account. Microsoft Passport provisioning will not be enabled. User: S-1-5-21-xxxxxxxxx-xxxxxxx-xxxxxxxxxx-xxxxxx" logged in.
But the user is not having issues logging in to O365 services with his/her Azure AD account. Only Outlook on Windows 10 machines, where the EXO conditional access policy is enforced, is having issues.
We have seen in a few cases that recreating the Windows Profile fixes the issue.
Any idea what is causing this event log or what might be the issue?
Thanks
6 Replies
- Jeroen Kooij, Copper Contributor
Same issue here since a few weeks, double checked our ADFS and actually the Device Registration works. The problem seems to be caused by the User State:
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
AzureAdPrt : NO
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsUserAzureAD : NO
PolicyEnabled : NO
DeviceEligible : YES
SessionIsNotRemote : YES
X509CertRequired : NO
PreReqResult : WillNotProvision
Microsoft support has so far not been useful. Case is still ongoing.
You probably have stored credentials under Cred manager that Outlook reuses. Try removing them, see what happens.