A month ago we encountered an issue with new devices enrolled using Intune AutoPilot. Users were able to authenticate during the Windows 10 installation steps, but they received the message “The user name or password is incorrect” after setting up the device and before the user settings during enrollment. There were no good logs describing the reason behind the incorrect user name or password. The audit and sign-in logs also didn’t show any issues at first.


Problem

The problem was in the conditional access policies which hadn’t changed but weren’t working as expected anymore. We have one policy that requires the device to be compliant.


This policy was set for all cloud applications.


We noticed two entries in the sign-in logs for users (the screenshots of both entries are not preserved).

Conditional access wasn’t applied for the first entry, and the second entry showed “Success”, but looking further it did have a “Failure” requiring a compliant device.
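The check described above, as an added example that is not part of the original post: it scans exported sign-in records for a per-policy “failure” even when the entry's overall conditional access status is not a failure. The field names follow the Microsoft Graph signIn resource; the sample records, user names, policy names and control values are constructed.

```python
import json

# Constructed sample shaped like Microsoft Graph signIn records (for example a
# JSON export of the sign-in logs). Every name and value here is made up.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "user@contoso.example",
     "resourceDisplayName": "Windows Azure Active Directory",
     "conditionalAccessStatus": "notApplied",
     "appliedConditionalAccessPolicies": []},
    {"userPrincipalName": "user@contoso.example",
     "resourceDisplayName": "Microsoft Intune Enrollment",
     "conditionalAccessStatus": "success",
     "appliedConditionalAccessPolicies": [
         {"displayName": "Require MFA", "result": "success",
          "enforcedGrantControls": ["Mfa"]},
         {"displayName": "Require compliant device", "result": "failure",
          "enforcedGrantControls": ["RequireCompliantDevice"]}]},
    {"userPrincipalName": "other@contoso.example",
     "resourceDisplayName": "Office 365 Exchange Online",
     "conditionalAccessStatus": "success",
     "appliedConditionalAccessPolicies": [
         {"displayName": "Require compliant device", "result": "success",
          "enforcedGrantControls": ["RequireCompliantDevice"]}]},
])

def hidden_policy_failures(sign_ins):
    """Return every per-policy failure; 'masked' marks the ones sitting under
    an entry whose overall conditional access status is not 'failure'."""
    findings = []
    for entry in sign_ins:
        # The policy list can be missing or null on some records.
        for policy in entry.get("appliedConditionalAccessPolicies") or []:
            if policy.get("result") != "failure":
                continue
            findings.append({
                "user": entry.get("userPrincipalName"),
                "resource": entry.get("resourceDisplayName"),
                "overall": entry.get("conditionalAccessStatus"),
                "policy": policy.get("displayName"),
                "controls": policy.get("enforcedGrantControls", []),
                "masked": entry.get("conditionalAccessStatus") != "failure",
            })
    return findings

if __name__ == "__main__":
    for f in hidden_policy_failures(json.loads(SAMPLE_EXPORT)):
        print(f"{f['user']} -> {f['resource']}: overall={f['overall']}, "
              f"policy '{f['policy']}' failed ({', '.join(f['controls'])})")
```

The `resource` value of a masked finding is the application to look at when deciding what to exclude from the policy.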

Solution

The solution was simple: we excluded “Microsoft Intune Enrollment” (this was also the resource name from the failed sign-in) from the “require a compliant device” conditional access policy.


The device was restored to factory default and the user was able to finish the Windows 10 installation steps and configure Windows Hello for Business.
