May 09 2017
05:27 AM
- last edited on
Jan 14 2022
05:32 PM
by
TechCommunityAP
May 09 2017
05:27 AM
- last edited on
Jan 14 2022
05:32 PM
by
TechCommunityAP
Hi,
We have recently enforced Exchange Online (EXO) conditional Access to Outlook 2016 clients on Windows Machines ( that use Modern Authentication) to allow access only to Azure AD Joined devices.
After this change, a few users have reported issues in connecting Outlook. We have seen on these machines where Outlook have connection issues, the below event is recorded in the event log: Application & Service Logs -> Microsoft-Windows-User Device Registration/Admin.
"This Device is joined to Azure AD, however, the user did not sign-in with an Azure AD account. Microsoft Passport provisioning will not be enabled. User: S-1-5-21-xxxxxxxxx-xxxxxxx-xxxxxxxxxx-xxxxxx” logged in.
But the user is not having issues to login to o365 services with his/her Azure AD account. Only Outlook on Windows 10 machines which is enforced for EXO conditional access policy is having issue.
We have seen in a few cases that recreating the Windows Profile fixes the issue.
Any idea what is causing this event log or what might be the issue?
Thanks
May 09 2017 11:33 PM
You probably have stored credentials under Cred manager that Outlook reuses. Try removing them, see what happens.
May 16 2017 07:43 AM
Hi Vasil,
Clearing the credentials did not work.
Any thing else you can think of ?
May 16 2017 12:09 PM
Also we found that reinstalling MS Office 365 Pro Plus seems to fix this issue.
But still not sure what is that causing the issue?
May 17 2017 10:26 AM - edited May 17 2017 10:31 AM
We also find occassionally reinstalling MS Office 365 Pro Plus did not fix the issue.
We are getting this pop-up message also. "You can't get there from here.." . See attached screen shot.
We checked dsregsmd /status, Device status in Azure AD , Ms-Org certs and they all seem to be fine. The computer is Windows 10 OS and running MS Office 365 Pro Plus 16.0.x version.
Any help on what else we can check to identify the issue.
Nov 20 2017 03:09 PM
@Raj Krishnan Make sure users are on at least version 1607 of win10.
I'm getting this error as well. Any ideas anyone?
Jan 02 2018 01:20 AM
Same issue here since a few weeks, double checked our ADFS and actually the Device Registration works. The problems seems to be caused by the User State:
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
AzureAdPrt : NO
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsUserAzureAD : NO
PolicyEnabled : NO
DeviceEligible : YES
SessionIsNotRemote : YES
X509CertRequired : NO
PreReqResult : WillNotProvision
Microsoft support has so far not being useful.. Case is still ongoing.