A month ago we encountered an issue for new devices enrolled using Intune AutoPilot. Users were able to authenticate during the Windows 10 installation steps but they receive the message “The user name or password is incorrect” after setting up the device and before the user settings during enrollment. There were no good logs describing the reason behind the incorrect user name or password. The audit and sign-in logs also didn’t show any issues at first.
The problem was in the conditional access policies which hadn’t changed but weren’t working as expected anymore. We have one policy that requires the device to be compliant.
This policy was set for all cloud applications
We noticed the following entry in the sign-in logs for users
Conditional access wasn’t applied for the first entry and the second entry showed “Success”
but looking further it did had a “Failure” requiring a compliant device.
The solution was simple as we excluded “Microsoft Intune Enrollment” (This was also the resource name from the failed sign-in) from the require a compliant device conditional access policy.
The device was restored to factory default and the user was able to finish the Windows 10 installation steps and configure Windows Hello for Business.