Azure AD Join and Windows 10/Outlook 2016 and EXO conditional Access




We have recently enforced Exchange Online (EXO) conditional Access to Outlook 2016 clients on Windows Machines ( that use Modern Authentication) to allow access  only to Azure AD Joined devices.


After this change, a few users have reported issues in connecting Outlook.  We have seen on these machines where Outlook have connection issues, the below event is recorded in the event log: Application & Service Logs -> Microsoft-Windows-User Device Registration/Admin.


"This Device is joined to Azure AD, however, the user did not sign-in with an Azure AD account. Microsoft Passport provisioning will not be enabled. User: S-1-5-21-xxxxxxxxx-xxxxxxx-xxxxxxxxxx-xxxxxx” logged in.


But the user is not having issues to login to o365 services with his/her Azure AD account. Only Outlook on Windows 10 machines which is enforced for EXO conditional access policy is having issue.

We have seen in a few cases that recreating the Windows Profile fixes the issue.


Any idea what is causing this event log or what might be the issue?



6 Replies

You probably have stored credentials under Cred manager that Outlook reuses. Try removing them, see what happens.

Hi Vasil,


Clearing the credentials did not work.

Any thing else you can think of ?



Also we found that reinstalling MS Office 365 Pro Plus  seems to fix this issue.

But still not sure what is that causing the issue?

We also find occassionally reinstalling MS Office 365 Pro Plus did not fix the issue.


We are getting this pop-up message also. "You can't get there from here.." . See attached screen shot.


We checked dsregsmd /status, Device status in Azure AD , Ms-Org certs and they all seem to be fine. The computer is Windows 10  OS and running MS Office 365 Pro Plus 16.0.x version.


Any help on what else we can check to identify the issue.

@Raj Krishnan Make sure users are on at least version 1607 of win10.


I'm getting this error as well. Any ideas anyone?

Same issue here since a few weeks, double checked our ADFS and actually the Device Registration works. The problems seems to be caused by the User State:

| User State |

NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
AzureAdPrt : NO

| Ngc Prerequisite Check |

IsUserAzureAD : NO
PolicyEnabled : NO
DeviceEligible : YES
SessionIsNotRemote : YES
X509CertRequired : NO
PreReqResult : WillNotProvision


Microsoft support has so far not being useful.. Case is still ongoing.