20H2 Removing Device from Azure Domain


My organization has started to observe that devices that have processed the recent 20H2 update are no longer prompted to log in with their Azure AD account.

Upon investigation, accessing the system with a local account, we find that the device is no longer joined to Azure AD.

Further investigation with Azure AD Device Manager shows the device still present.

To fix the issue we are having to perform these steps:

1. Delete the current device present in Azure AD Device Manager

2. Join the device to Azure AD (if the above step is not taken, the join will error, stating the device is already present)

2 Replies

@CSCI-Nathan

We're having the exact same issue. Been offloading clients from RDSHs to local devices as everything is becoming cloud-based.

However, recent updates seem to break the AzureAD connection. Devices are still present in AzureAD, but on the device there is no notice of any domain-joined stuff.

Figured out the same fix as you described: create a local account via our software monitoring tool, remove the device from AutoPilot/AzureAD and rejoin the device.

Luckily no files are lost, as the users can then log in to the same account they used to, keeping their local files.

This is a very bad update; these shenanigans are costing us a lot of time.

@MrIced Same issues here, reported at multiple customer tenants, where after the update the Azure AD login disappears.
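
A way to check the symptom this thread describes from the device side, as an added example that is not part of any post above: it parses the output of `dsregcmd /status` and flags a device that no longer reports itself as Azure AD joined, so the result can be compared with the device list in the tenant. The function names and the sample lines are assumptions made for illustration.

```powershell
# Added example, not from the thread. Assumption: dsregcmd.exe is present (Windows 10).
function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Fields look like "   AzureAdJoined : YES". The key cannot contain ':',
        # so values with colons (URLs, timestamps) stay intact.
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(\S.*?)\s*$') {
            $key = $Matches[1] -replace '\s', ''
            if (-not $state.ContainsKey($key)) { $state[$key] = $Matches[2] }
        }
    }
    $state
}

function Get-AadJoinFinding {
    param([Parameter(Mandatory)][hashtable]$State)
    $joined = $State['AzureAdJoined'] -eq 'YES'
    if ($joined) {
        $finding = 'Local join state present'
    } else {
        $finding = 'Not Azure AD joined locally; check for a stale device object in the tenant'
    }
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        AzureAdJoined = $joined
        DomainJoined  = ($State['DomainJoined'] -eq 'YES')
        DeviceId      = $State['DeviceId']   # absent when the device is not joined
        Finding       = $finding
    }
}

# Constructed sample of the relevant lines for an un-joined device, used only
# when dsregcmd.exe is unavailable (for example on a non-Windows test host).
$sample = @(
    '             AzureAdJoined : NO',
    '          EnterpriseJoined : NO',
    '              DomainJoined : NO',
    '               Device Name : PC-EXAMPLE-01'
)

if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $lines = & dsregcmd.exe /status
} else {
    $lines = $sample
}
Get-AadJoinFinding -State (ConvertFrom-DsregStatus -Lines $lines)
```

Run across a fleet through whatever remote management tool is already in place, the `AzureAdJoined` column gives a list of devices to compare against the tenant's device list before deleting and rejoining.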