unable to logon to the Intune Device

Hi, we have some users who are unable to log on to their Intune Azure AD joined devices (Win 10). When entering the password, it says "Password Incorrect". The same password works fine when they log on to Office 365 on a different computer.

In the Intune portal, the Devices tab shows that device as:
Enabled: Yes
Azure AD Joined
MDM: None

Not sure how, but the MDM normally says "Microsoft Intune" and these users/devices have "None".
These users cannot log on to the device, and it also doesn't give me an option to log on as another user. Not sure what to do besides wiping it, or is there a way I can manually add this device as Intune managed from the Azure Portal?

 

Any help would be much appreciated, thank you.

17 Replies

@Abinash RGS ICT - Hotmail If the MDM is none, there's probably something wrong with the Intune Auto Enrollment. For this to work correctly, your MDM User scope should be configured correctly - can you check this?

 

https://docs.microsoft.com/en-us/intune/enrollment/quickstart-setup-auto-enrollment

 

 

@Jente_Vandijck 

Not sure if it is related to the MDM User Scope, because I have successfully enrolled a few Windows devices today.

MDM none is happening on a few devices. These devices appear on "Azure AD Devices" but not on "All Devices". Windows Enrolment >> Devices >> Serial number of device says Not Enrolled for the Enrolment State. Is there a way to re-enroll them without losing the data on the device?

 

This is what we have for the MDM User Scope

screenshot: https://i.snipboard.io/7W3DUw.jpg 

 

 

@Abinash RGS ICT - Hotmail Since your MDM user scope is set to all, it should be OK. There is something else you should check:

 

Intune Portal > Device Enrollment > Windows Enrollment > CNAME Validation.

Enter your domain and test if it's successful.

Sadly, there is no official way to re-enroll your device without losing your profile (remove from Azure AD & add again) - that I know of. You won't lose the data, you just start with a clean profile (you can copy it manually after re-enrolling). I'm not sure if this still works, but you can try downloading the Company Portal App and see what information this gives.

 

CNAME test says it is configured successfully.

If I do Shift+Restart >> Troubleshoot >> Reset this PC >> Keep my files >> reboot then re-enrol with the same user, will this let me keep the existing files?

Hi Abinash,

Could you log in to the devices with your Global Admin account? Try to access the PC locally and check if the PC is enrolled correctly. I'm interested in going to Work and School account and forcing a Sync to Intune.

Thanks!
Moe

Hi Abinash - I'm not sure about this. The worst that could happen is that you manually need to copy all files to the new profile. As Moe asked, are you able to log on with an Azure AD Admin?

I am unable to log on with global admin as well. It throws the same error: "The password is incorrect. Try again"

@Abinash RGS ICT - Hotmail Hmm, weird. Hard to troubleshoot without access. I would reset the device, that would be your fastest solution.

I went through Troubleshoot >> Advanced Options >> Command Prompt and managed to log on as local administrator. Restarted the device and it now lets me log on as local admin >> tried dsregcmd /status, which shows AzureAdJoined: No, EnterpriseJoined: No; however, the Azure AD portal says Azure AD Joined with MDM None. Went through Settings >> Accounts >> Access work or school >> Connect and entered the device owner's username and password >> restarted the device >> tried to log on as the same user but it says "The password is incorrect. Try again". Tried to log on with the global admin account but got the same error. dsregcmd /status now shows AzureAdJoined: Yes.

Logged on as local administrator >> Joined the device to the Azure AD with the same user credentials. After restart, the user can now log on.
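The check described above (comparing what the device reports locally with what the portal shows) can be scripted. This is an added example, not code from any poster in the thread: the function names are hypothetical, the sample output is constructed to mirror the state reported here, and it assumes the `AzureAdJoined` and `MdmUrl` fields of `dsregcmd /status`.

```powershell
# Added example (not from the thread). Parses `dsregcmd /status` output and
# reports the local join state so it can be compared with the Azure AD portal.

# Constructed sample mirroring the thread: the portal said "Azure AD Joined",
# while the device itself reported that it was not joined.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
'@ -split '\r?\n'

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Data lines look like "   Key : Value"; banners and blank lines do not match.
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9]*)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Get-JoinFinding {
    param([hashtable]$State)
    # String comparison is case-insensitive; a missing key yields $null.
    if ($State['AzureAdJoined'] -ne 'YES') {
        return 'Not Azure AD joined locally. A portal record showing "Azure AD Joined" does not match this device; join it again from a local administrator account.'
    }
    if ([string]::IsNullOrWhiteSpace($State['MdmUrl'])) {
        return 'Azure AD joined, but no MdmUrl is reported. Check the MDM user scope for the joining user.'
    }
    "Azure AD joined; MDM enrollment URL: $($State['MdmUrl'])"
}

$useLive = $false   # set to $true when running on the affected device
$lines = if ($useLive) { dsregcmd.exe /status } else { $sample }
Get-JoinFinding -State (ConvertFrom-DsregStatus -Lines $lines)
```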

@Abinash RGS ICT - Hotmail Thank you for the information! Glad you fixed it.

@Abinash RGS ICT - Hotmail Did you ever find the root cause? We are just starting with Autopilot and every device we enroll has this issue. It will not let anyone log in.

Hello @Jebba 

 

Are your devices successfully joined to Azure AD? What join type do you use?

 

//

Nicklas Ahlberg

Yes. The devices are joined. It is a simple AAD join. The devices provision and Hello for Business is configured during provisioning. The device boots into Windows at the end of provisioning, but if you reboot or log out of the device you cannot use a password to log in. The Hello for Business method configured does work though.

@Jebba Were you able to solve the issue? I am facing exactly the same issue: able to log in with Windows Hello, but the password still fails.

I'm having the same issue. Anyone figure this out yet? Also, how can you register the device with AAD when logged in as the local admin? dsregcmd is not available as it's not a domain account?

Register is different to join and you would typically do a register or a personal join while logged in as a local admin on the device.

It would be interesting to know your enrolment scope settings as well as WHfB global settings and device enrollment restrictions, if you have any set.