Forum Discussion
Azure AD Join and Windows 10/Outlook 2016 and EXO conditional Access
Hi,
We have recently enforced Exchange Online (EXO) conditional access for Outlook 2016 clients on Windows machines (that use Modern Authentication) to allow access only to Azure AD Joined devices.
After this change, a few users have reported issues connecting Outlook. We have seen that on the machines where Outlook has connection issues, the below event is recorded in the event log: Application & Service Logs -> Microsoft-Windows-User Device Registration/Admin.
"This Device is joined to Azure AD, however, the user did not sign-in with an Azure AD account. Microsoft Passport provisioning will not be enabled. User: S-1-5-21-xxxxxxxxx-xxxxxxx-xxxxxxxxxx-xxxxxx" logged in.
But the user is not having issues logging in to O365 services with his/her Azure AD account. Only Outlook on Windows 10 machines, which is enforced for the EXO conditional access policy, is having issues.
We have seen in a few cases that recreating the Windows Profile fixes the issue.
Any idea what is causing this event log or what might be the issue?
Thanks
You probably have stored credentials under Cred manager that Outlook reuses. Try removing them, see what happens.
- Jeroen Kooij (Copper Contributor)
Same issue here for a few weeks now. We double-checked our ADFS, and the Device Registration actually works. The problem seems to be caused by the User State:
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
AzureAdPrt : NO
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsUserAzureAD : NO
PolicyEnabled : NO
DeviceEligible : YES
SessionIsNotRemote : YES
X509CertRequired : NO
PreReqResult : WillNotProvision

Microsoft support has so far not been useful. Case is still ongoing.
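For triaging machines that show this symptom, an added example (not written by any poster in this thread): a Python parser for the sectioned status output pasted above, which is the format printed by `dsregcmd /status`, that lists the user-state fields that are not YES. The sample text is constructed from the paste, and the selection of watched fields is this example's assumption.

```python
import re

# Constructed sample modelled on the thread's paste, forum damage included.
SAMPLE = """\
+------------------------------+
| User State |
+------------------------------+NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
AzureAdPrt : NO+------------------------------+
| Ngc Prerequisite Check |
+------------------------------+IsUserAzureAD : NO
PolicyEnabled : NO
DeviceEligible : YES
SessionIsNotRemote : YES
X509CertRequired : NO
PreReqResult : WillNotProvision
"""

BORDER = re.compile(r"\+-{3,}\+")
HEADER = re.compile(r"^\|\s*(.+?)\s*\|$")
FIELD = re.compile(r"^([A-Za-z0-9]+)\s*:\s*(.*)$")

# Fields to check (this example's own selection, not from the thread).
WATCH = [("User State", "AzureAdPrt"), ("User State", "WamDefaultSet"),
         ("Ngc Prerequisite Check", "IsUserAzureAD")]

def parse_status(text):
    """Return {section: {field: value}}; borders fused onto fields are split off."""
    sections, current = {}, None
    for line in BORDER.sub("\n", text).splitlines():
        line = line.strip()
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return sections

def user_findings(sections):
    """Return (section, field, value) for watched fields that are not YES."""
    out = []
    for section, name in WATCH:
        value = sections.get(section, {}).get(name, "MISSING")
        if value.upper() != "YES":
            out.append((section, name, value))
    return out

if __name__ == "__main__":
    print(user_findings(parse_status(SAMPLE)))
```

`AzureAdPrt : NO` is the field to look at first for a device-based conditional access failure: it means the signed-in user has no Primary Refresh Token in this session.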