Event banner
Event details
I was recently testing installing Windows 11 24H2 using SCCM task sequences in our Entra hybrid joined environment. Sometimes after imaging I would get a toast notification: 'work or school account problem - to fix this, select this notification to sign in again.' Clicking through to fix it in Windows 11 settings > Accounts > access work or school > "sign in again to fix your work or school account" would just immediately fail with the message "sign in failed. please try again to repair your account". The machines appear to be correctly registered in Entra and Intune, and they do successfully get Intune policies, app deployments, etc. Any idea why this message keeps coming up and how to fix the supposed problem?
I did a little reading and some people recommended exempting Intune device enrollment from MFA Conditional Access requirements, but my understanding is that this shouldn't be necessary since our devices are Entra hybrid joined (and therefore are being registered in Intune by SCCM, and not logged-in user).
MicrosoftHi pc-88, have you validated the user has retrieved their PRT and that the hybrid join is truly complete? See for Troubleshoot Microsoft Entra hybrid joined devices - Microsoft Entra ID | Microsoft Learn for guidance on this.
If the device is receiving policy from Intune, then enrollment is complete and so exempting from MFA should be moot.