AutiPilot - additional Other User sing-in screen

%3CLINGO-SUB%20id%3D%22lingo-sub-1840315%22%20slang%3D%22en-US%22%3EAutiPilot%20-%20additional%20Other%20User%20sing-in%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1840315%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Team%2C%3CBR%20%2F%3EDoes%20anyone%20noticed%20a%20different%20AutoPilot%20behavior%20with%20assigned%20user%3F%20There%20is%20an%20additional%20%E2%80%9COther%20User%E2%80%9D%20sign-in%20screen%20in-between%20that%20didn%E2%80%99t%20appear%20before.%20I%20cannot%20find%20out%2C%20is%20this%20something%20that%20has%20been%20recently%20changed%20(bad%20way)%20or%20I%20have%20made%20some%20misconfig%3F%20Second%20night%20spent%20on%20investigation%20and%20tests%E2%80%A6%20Any%20ideas%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1840315%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAutopilot%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1841599%22%20slang%3D%22en-US%22%3ERe%3A%20AutiPilot%20-%20additional%20Other%20User%20sing-in%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1841599%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F160979%22%20target%3D%22_blank%22%3E%40Red%20Flag%3C%2FA%3Eok%2C%20let%20me%20self-serve%20-%20it's%20a%20know%20issue%20of%20ESP.%201.%20%3CFONT%3EA%20reboot%20during%20Device%20setup%20will%20force%20the%20user%20to%20enter%20their%20credentials%20before%20transitioning%20to%20Account%20setup%20phase.%20User%20credentials%20aren't%20preserved%20during%20reboot.%20Have%20the%20user%20enter%20their%20credentials%20then%20the%20Enrollment%20Status%20Page%20can%20continue.%202.%26nbsp%3BWhen%20the%20DeviceLock%20policy%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-csp-devicelock%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-csp-devicelock%3C%2FA%3E)%20is%20enabled%20as%20part%20of%20an%20ESP%20profile%2C%20the%20OOBE%20or%20user%20desktop%20autologon%20could%20fail%20unexpectantly%20for%20two%20reasons.%3CBR%20%2F%3E%E2%80%A2%20If%20the%20device%20didn't%20reboot%20before%20exiting%20the%20ESP%20Device%20setup%20phase%2C%20the%20user%20may%20be%20prompted%20to%20enter%20their%20Azure%20AD%20credentials.%20This%20prompt%20occurs%20instead%20of%20a%20successful%20autologon%20where%20the%20user%20sees%20the%20Windows%20first%20login%20animation.%3CBR%20%2F%3EThe%20autologon%20will%20fail%20if%20the%20device%20rebooted%20after%20the%20user%20entered%20their%20Azure%20AD%20credentials%20but%20before%20exiting%20the%20ESP%20Device%20setup%20phase.%20This%20failure%20occurs%20because%20the%20ESP%20Device%20setup%20phase%20never%20completed.%20The%20workaround%20is%20to%20reset%20the%20device.%3CBR%20%2F%3EMORE%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fenrollment%2Fwindows-enrollment-status%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fenrollment%2Fwindows-enrollment-status%3C%2FA%3E%3CBR%20%2F%3E%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi Team,
Does anyone noticed a different AutoPilot behavior with assigned user? There is an additional “Other User” sign-in screen in-between that didn’t appear before. I cannot find out, is this something that has been recently changed (bad way) or I have made some misconfig? Second night spent on investigation and tests… Any ideas?

1 Reply

@Red Flagok, let me self-serve - it's a know issue of ESP. 1. A reboot during Device setup will force the user to enter their credentials before transitioning to Account setup phase. User credentials aren't preserved during reboot. Have the user enter their credentials then the Enrollment Status Page can continue. 2. When the DeviceLock policy (https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock) is enabled as part of an ESP profile, the OOBE or user desktop autologon could fail unexpectantly for two reasons.
• If the device didn't reboot before exiting the ESP Device setup phase, the user may be prompted to enter their Azure AD credentials. This prompt occurs instead of a successful autologon where the user sees the Windows first login animation.
The autologon will fail if the device rebooted after the user entered their Azure AD credentials but before exiting the ESP Device setup phase. This failure occurs because the ESP Device setup phase never completed. The workaround is to reset the device.
MORE: https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-status