Very big trouble after joining domain


Hello all, I have also opened a ticket over a week ago, but I have not yet had any feedback, and I hope someone here can help me.

In our company we have adopted Office 365 and users commonly have the Business Premium license.

One user, the only one currently running Windows 10 Pro, has recently been joined to the new Windows 2016 domain (previously his computer was standalone in a workgroup).

After this step, the user was no longer able to use some Office 365 SharePoint sites created by him, or the To Do application by Microsoft, which he used regularly before the join.

In the Azure AD logs I see that the device was added and then automatically removed, as shown in the image below.

If, instead of the user, who uses his email as his account, I try the same operation with the same domain user but using the Office 365 admin user of the tenant, i.e. the one who logs in as admin@xxxxx.onmicrosoft.com, the operation completes normally.

Any idea?

17 Replies

@Faber can you explain in some more detail what exactly the issue is that he's having with SPO? Device registration should not matter in general, unless you have some policies configured to restrict access to only AAD-joined devices.

I'll try to re-explain the matter.

I have a user who previously had his notebook in workgroup mode, before joining a new Windows 2016 domain.

Before the join, he had Office 2016 installed and an O365 Business Premium license. He also created, and is the owner of (I checked), some SharePoint team sites. Before the join, if he needed to modify a Word document on one site, he opened the browser, authenticated with his name.surname@domain.ext and password credentials, clicked on the document and selected modify document with the Word installed on the computer (not online).

So I created a domain and joined his computer, with the ForensiT tool Profwiz, to maintain his profile.

After this, the same operation doesn't work, and in Azure AD I see the log I attached in the first post.

An Office application, for example Word 2016, asks for authentication; he enters his account as I wrote (name.surname... and password), Office asks for the password a second time, and Word hangs with this error:

Something went wrong

We weren't able to register your device and add your account to Windows. Your access to org resources may be limited. (I translated the error because it is in Italian)

He also has the To Do app downloaded from the Windows app store, and it also doesn't work, with error 0x80070520.

I also removed the O365 credentials from Windows settings and tried to reconnect, but with the same result:

Something went wrong

We weren't able to register your device and add your account to Windows. Your access to org resources may be limited.

So the user is unable to use the O365 SharePoint site, and I don't know if there are other issues.

He is actually the only user who has this issue, because he is the only user who has Windows 10 (17134); Win7 Pro users don't seem to have this issue.

I've had some headaches after a week waiting for Microsoft 365 support for help and feedback too...

I also configured the domain users so that the username is the userPrincipalName attribute, that is name.surname@domain.ext like in O365; and I haven't synced anything from my local Active Directory with the Azure AD "free version" in O365, for example password hashes or anything else.

I hope it is a bit clearer now, and sorry for my bad English I suppose ;)



Another detail: if I use the admin account of Office 365 instead of the user account, for the login as described before, so with the user in my case in the format admin@tenantdomain.onmicrosoft.com and password, the login is successful and in the Azure AD log I see that the device is registered.


Do you use the same domain name for your local Active Directory as you use in Office 365?

 

Mmhhm.. my O365 domain is domain.it and domain.onmicrosoft.com.
My AD domain is domain.local, but I also added a UPN suffix of domain.it, and users log on to computers as user@domain.it because in the near future I want to set up password hash synchronization.

That causes all the trouble, as you mix up your local and Office 365 authentication. You would need directory synchronization and ADFS to log in with one account for the domain and Office 365.

Are you sure?! I see many other colleagues in other organizations with the same situation, no sync and no ADFS, and it works correctly with no issues. I also don't understand.. they are two accounts, not one..

 

If you are right, I can temporarily change the UPN of the username from domain.it to domain.local and retry.

I also don't understand.. they are two accounts, not one.. sorry for the double post, but on mobile I can't find how to edit the post..

On the end-user machine having the issue, check:

Windows integrated authentication is enabled in the browser, or try using a private window.

In an elevated prompt run dsregcmd /status; maybe these would help to find out more.
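As an added example (not code from this thread or from Microsoft), the check suggested above, together with the UPN suffix question raised earlier, can be scripted: parse dsregcmd /status into the fields that matter for work-account registration and compare the signed-in user's UPN suffix with the Office 365 domain. The suffix domain.it is the placeholder value from the thread; run it in an elevated PowerShell session on the affected Windows 10 client.

```powershell
# Added example, not from the thread. Assumes an elevated session on the
# affected client; 'domain.it' is the thread's placeholder Office 365 domain.
param(
    [string]$ExpectedUpnSuffix = 'domain.it'
)

# dsregcmd prints "Key : Value" lines inside section banners; the banners and
# separator lines have no "Key : Value" shape and are skipped by the regex.
$state = @{}
foreach ($line in (dsregcmd /status)) {
    if ($line -match '^\s*(\S+)\s*:\s*(.*?)\s*$') {
        $state[$Matches[1]] = $Matches[2]
    }
}

# Device and user state fields relevant to the symptom in the thread.
$keys = 'DomainJoined', 'DomainName', 'AzureAdJoined', 'EnterpriseJoined',
        'WorkplaceJoined', 'TenantName', 'AzureAdPrt', 'NgcSet'
foreach ($k in $keys) {
    $v = if ($state.ContainsKey($k)) { $state[$k] } else { '<not reported>' }
    '{0,-18} {1}' -f $k, $v
}

# Compare the Windows sign-in UPN with the suffix the user types into Office.
$upn = (whoami /upn 2>$null)
$suffix = if ($upn -and $upn.Contains('@')) { $upn.Split('@')[1] } else { $null }
if (-not $suffix) {
    'Could not read a UPN for the current user (whoami /upn returned nothing).'
} elseif ($suffix -ine $ExpectedUpnSuffix) {
    "UPN suffix mismatch: signed in as $upn, but Office 365 accounts use @$ExpectedUpnSuffix."
} else {
    "UPN suffix matches: $upn"
}

# The thread's state: AD-joined, but no Azure AD join or workplace registration.
if ($state['DomainJoined'] -eq 'YES' -and $state['AzureAdJoined'] -ne 'YES' -and
    $state['WorkplaceJoined'] -ne 'YES') {
    'Device is AD-joined with no Azure AD registration; check the "Users may join devices to Azure AD" setting and any Conditional Access policy.'
}
```

A WorkplaceJoined value of YES with an AzureAdPrt of NO after a fresh work-account sign-in is worth noting in the support ticket, since it shows registration succeeded but token acquisition for the user did not.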

 

So it does seem like device registration is enforced for their organization? Can you check the settings in the Azure AD portal, namely the "Users may join devices to Azure AD" group under https://portal.azure.com/#blade/Microsoft_AAD_IAM/DevicesMenuBlade/DeviceSettings/menuId/

 

In addition, check for any Intune or Conditional Access policies that are enforcing the device registration requirement.

That's the result. In the domain name there is something like domain.it, but only DOMAIN in uppercase, without .it

"Users may join devices to Azure AD" --> is set to TUTTO, so I think in English mode it is ALL, without any user specified.

 

Check for any Intune or Conditional Access policies --> We don't have Intune, or Azure Premium either.

 

Meanwhile I did a dsregcmd /status (see above) and also changed the UPN for the username to domain.local, but the problem still remains.

Have you tried it with a new user profile on the client after changing the UPN?

 

 

I re-logged in with the same user, but with name.surname@domain.local instead of name.surname@domain.it.

Hello, could you solve this issue? If so, how? I'm seeing the exact same problem. I think it is caused by Profwiz, the same tool you used. A work account can't be added and OneNote 2016 is asking for authentication, but when I authenticate, I end up with error 80090016 Key set (or storage) is missing (translated from German). When I try to add a work account I receive the same error as you did. We've used this tool with several hundred computers and did not have any issues before.

@Freddy86 after 4 months of investigation with Microsoft, and a full removal of the O365 applications with a tool provided by Microsoft, followed by a full reinstall, unfortunately the problem still remained.

 

Meanwhile I found this post in the Profwiz official forum:
http://forum.forensit.com/forum_posts.asp?TID=1633
There you can download a tool to try, to see if it solves the matter.

 

If not, as in my case, I resolved it by completely deleting the user profile with the administrator account and recreating it with a "clean" login of the user.. losing all user settings indeed.

 

Please let me know if you resolve it. Good luck.