Jul 14 2022 06:33 AM
Hi All,
I am currently in the middle of rolling out an Intune deployment strategy using Azure AD Joined rather than Hybrid Azure AD Joined. Everything is working as intended with the exception of an issue I am having after the device is provisioned during the Autopilot/OOBE process.
Before I reach the ESP page, I authenticate using MFA with Ping Identity. After I am authenticated, I am taken to the ESP page where the Device Preparation, Device Setup, and Account Setup are completed successfully. After the Account Setup stage is finished, I am taken directly to the workstation desktop where I am able to use the computer. The issue occurs if the computer is locked or restarted. I try to use the username and password that are associated with the user that was created in AD, but I receive the "User name or password is incorrect" message. The only way that I've been able to resolve this issue is to change the domain part of the UPN of my user in AD. I'm not sure if the issue is that the user info is not getting cached after the OOBE, or if the issue is with WS-Trust or something completely different.
What am I missing? Any help would be greatly appreciated.
Jul 14 2022 02:42 PM
Jul 14 2022 09:44 PM - edited Jul 14 2022 09:46 PM
What do you mean by "change the domain part of the UPN of my user in AD"?
You can configure a device restriction policy and set the setting Password\Preferred Azure AD tenant; then it is no longer necessary to log in with the UPN, and the user ID is sufficient after the enrollment.
Jul 15 2022 12:24 AM
Jul 15 2022 06:23 AM
Jul 15 2022 06:26 AM
Jul 15 2022 06:28 AM
Feb 26 2023 10:47 AM
Hello Gents,
Was a solution to this ever found? I am experiencing this same scenario at the moment with my Azure Joined test device.
Thanks,
Aug 09 2023 12:12 AM
@David256 also interested in the resolution of this one, as it's happening in my environment that uses a 3rd party IDP.