Forum Discussion

jaky's avatar
jaky
Copper Contributor
Oct 14, 2022

After enabling co-management users get prompt

Hi,

 I Enabled co-management, computers registers in AAD, enrolls in Intune, it seems that everything works - intune status - co-managed. But users get prompt that there is a problem with work or school account and they have to login.

Until user logins there is also an mdm sync error under info button in work or school account. Then user logins sync error disappears.

 

Why there is such prompt? I thought that sccm would enroll devices with device credentials and that would be enough? MS documentation states that co-management supports: "Ability to enroll devices without user interaction".

 

2fa isn’t used.


What I am missing here?

  • You would expect that message indeed to occur if you are requiring mfa... but as you are mentioning you are not using it... could you check out the Applications and Services Logs > Microsoft > Windows > AAD > Operational log to determine which error it is giving you
    • jaky's avatar
      jaky
      Copper Contributor
      Thank you for taking interest.
      I wasn't able to find a solution by these logs.

      event ID 1097 warning : Error: 0x4AA50081 An application specific account is loading in cloud joined session. Logged at ClientCache.cpp, line: 376, method: ClientCache::LoadPrimaryAccount.

      event id 1098 error : Error: 0xCAA9001A No endpoint information in discovery response.
      Exception of type 'class Exception' at UserRealm.cpp, line: 292, method: UserRealm::ParseResponse.
      Log: 0xcaa1007d Failed to acquire token by integrated Windows authentication.
      Logged at AggregatedTokenRequest.cpp, line: 182, method: AggregatedTokenRequest::UseWindowsIntegratedAuth.

      event id 1098 error: Error: 0xCAA9001A No endpoint information in discovery response.
      Exception of type 'class Exception' at UserRealm.cpp, line: 292, method: UserRealm::ParseResponse.
      Log: 0xcaa10082 Failed to acquire new token.
      Logged at AuthorizationClient.cpp, line: 304, method: ADALRT::AuthorizationClient::AcquireNewToken.

      event id 1097 warning: Error: 0x8AA5007C A suspending event for the AAD plugin was received.
      Logged at WebUIControllerWebView.cpp, line: 682, method: WebUIControllerWebView::WebViewSuspensionEvents::OnSuspending.
      • Just wondering but at the point in time when the devices get that policy , how does the dsregcmd /status /verbose looks like

Resources