DamianL1984
Copper Contributor
Oct 25, 2023

Autopilot pre-provisioning keeps asking for Azure credentials in Account Setup

Hi Guys,

I created a Hybrid Joined Autopilot profile for pre-provisioning. All works fine except for the situation where, in Account Setup, after establishing the connection to the VPN and creating the local profile, setup asks me to provide Azure credentials and shows the prompt "Allow my organization to manage my device".

I know it is related to the situation where the device is not yet synchronized to Entra ID in the Hybrid state.

I ran a script to speed up this process, but it seems the only result is that the mentioned prompt appears quicker. The time when the device shows up as Hybrid Joined is correlated with the time when the mentioned prompt appears.

I am wondering how to solve this?

Any tips will be much appreciated.

Thanks in advance and best regards,

DL

  • LeonPavesic
    Silver Contributor

    Hi DamianL1984,

    The issue where Azure Autopilot pre-provisioning keeps asking for Azure credentials in Account Setup typically occurs when the device is not fully synchronized with Azure AD in a Hybrid state.

    This can be caused by a number of factors, including:

    • Issues with Azure AD Connect synchronization
    • Incorrect Hybrid Azure AD Join configuration
    • Incomplete device or user account synchronization
    • Conditional Access policies that trigger additional authentication
    • Misconfigured Intune policies
    • Network or VPN connectivity issues
    • Improper scripting or automation in the Autopilot process

    Troubleshooting and resolution steps:

    To troubleshoot and resolve this issue, you can try the following steps:

    1. Check Azure AD Sync Status: Verify that your on-premises Active Directory is synchronizing properly with Azure AD using Azure AD Connect. Ensure that there are no synchronization issues or errors in the synchronization logs.

    2. Hybrid Azure AD Join: Ensure that your devices are properly configured for Hybrid Azure AD Join. This involves configuring Azure AD Connect correctly, setting up the device registration settings in Azure AD, and ensuring that your on-premises Active Directory user accounts are synchronized with Azure AD.

    3. Device Synchronization: Confirm that the device records are synchronized to Azure AD before using them with Autopilot. You can check this by verifying that the device's state is "Hybrid Azure AD Joined" in the Azure AD portal.

    4. User Account Synchronization: Ensure that the user accounts associated with the devices are also synchronized to Azure AD. The user account being used for the Autopilot process should exist and be synchronized.

    5. Conditional Access Policies: Review your Azure AD Conditional Access policies. They can sometimes trigger additional authentication steps during the Autopilot process. Make sure your policies are not causing this issue.

    6. Intune Configuration: Double-check your Intune configuration and policies, as they can also influence the Autopilot process. Ensure that your Intune settings are correctly applied.

    7. Network and VPN: Verify that the network and VPN configurations are working as expected. Connectivity issues or misconfigurations in your VPN setup can cause delays in device registration and syncing.

    8. Scripting and Automation: Review the script you mentioned running to speed up the process. Ensure that it doesn't interfere with the expected Autopilot behavior. It's important to be cautious when using automation in the Autopilot process.

    9. Test Device Reset: You can also try resetting a device from the Azure portal and retesting the Autopilot process to see if the issue persists.


    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it a Like.


    Kindest regards,


    Leon Pavesic
    (LinkedIn)

    • DamianL1984
      Copper Contributor
      Hi,

      I wasn't able to find a reason why this happens. However, I have created two test accounts with exactly the same settings, privileges etc. as my initial test account, and all works well. So, for now at least, we decided not to dig into this and to run the pilot phase for users. If that issue occurs for users, I will use some of the available scripts, for example a script that resets the computer when it is set as Hybrid Joined.

      Thank you Leon 🙂

      Best regards,
      Damian
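
The device synchronization check discussed in this thread can also be done on the device itself by reading the output of `dsregcmd /status`. The following is an added example, not code from either poster: the function names are hypothetical and the sample output is constructed to show a device that is domain joined but not yet registered with Entra ID, which is the state the thread associates with the credential prompt.

```powershell
# Added example; function names are hypothetical, not from the thread.
function ConvertFrom-DsregStatus {
    # AllowEmptyString: dsregcmd output contains blank lines.
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        # dsregcmd prints "   Name : Value"; banner and separator rows do not match.
        if ($line -match '^\s*([A-Za-z][\w ]*?)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    return $fields
}

function Get-HybridJoinState {
    param([hashtable]$Fields = @{})
    $aad    = $Fields['AzureAdJoined'] -eq 'YES'
    $domain = $Fields['DomainJoined'] -eq 'YES'
    if ($aad -and $domain) { $state = 'HybridJoined' }
    elseif ($domain)       { $state = 'DomainJoinedOnly' }  # registration not finished
    elseif ($aad)          { $state = 'EntraJoinedOnly' }
    else                   { $state = 'NotJoined' }
    [pscustomobject]@{
        State      = $state
        # AzureAdPrt is only reported when run as a signed-in user; $null otherwise.
        AzureAdPrt = $Fields['AzureAdPrt']
        TenantName = $Fields['TenantName']
        DeviceId   = $Fields['DeviceId']
    }
}

# Constructed sample output (not captured from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split "`r?`n"

Get-HybridJoinState -Fields (ConvertFrom-DsregStatus -Lines $sample)
# On a real device, replace $sample with the live output: (dsregcmd /status)
```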
