Jan 29 2020 08:43 AM
Recently took delivery of 2 Surface hub 2S's. They are AzureAD joined and the documentation was followed to create the room accounts. However, now when any user goes to sign in to their meetings and files, they type the first few letters of their name, it lists the matching account, shows their email and photo, they click on it and then nothing happens and the window disappears. If they then instead manually click access your work or school account, then type in their full email address they can login to the device, but this is painful for users. And then once they are logged in, the whiteboard application is not, they have to go through the same process again for this app. Any ideas, please?
Feb 06 2020 04:24 PM
Feb 07 2020 01:00 AM
Many thanks, we've gone down the local admin route, for now, both devices are working as expected. Thanks you.
Mar 05 2020 04:45 PM
Jul 06 2020 02:35 AM - edited Jul 06 2020 02:46 AM
okay this is a nightmare.
We have about 40 Surface Hub 2 which were set up with a local admin. But as we have used the ppkg configuration designer method as we did not want to set them up all manually, the local admin password gets resetted all 42 day (stated here in some tiny tiny footnote: https://docs.microsoft.com/en-us/surface-hub/provisioning-packages-for-surface-hub#configure-setting...).
Now we tried to workaround this issue by enrolling some of the via AzureAD local admin to overcome password resetting. But then the Whiteboard App fails to login! Dead lock. And now? Throw 40 Surface Hubs 2 into the bin?
Jul 09 2020 01:02 AM
Jul 09 2020 07:09 AM
I have opened a ticket at Microsoft. This was the answer:
----------------------
The behavior you are seeing with AAD-joined Hubs is expected and documented, https://docs.microsoft.com/en-us/surface-hub/surface-hub-2s-prepare-environment#device-affiliation :
When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work.
"Easy Authnentication" is the login window that you see disappearing. If you click "Work or school" first and then "Continue" in the bottom right, then the login can proceed. It's also possible (via MDM policy or provisioning package) to hide the first windows/default to the "Work or school" flow.
But ultimately we would recommend joining to on-premises AD, instead of Azure AD, if you have that option. It will allow for SSO and Easy Auth to both work properly.
the Hub OS is getting updated later this year to a new release, and it will address the AAD/SSO issue among others.
The setting for hiding the Easy Auth window is documented at https://docs.microsoft.com/en-us/windows/client-management/mdm/surfacehub-csp
You have to set ./Vendor/MSFT/SurfaceHub/Properties/DisableSigninSuggestions to true (Boolean value)
----------------------
Jul 09 2020 07:15 AM