Windows 10 Device with Office 365 losing Login Password

Solved
Peter_Inveros
Here to help


Hello, 

We have successfully enrolled macOS and iOS devices into MDM, however we have an issue enrolling Windows 10 devices as per the Meraki instructions. After contacting Microsoft support to find the error 

MENROLL_E_USERLICENSE 0x80180018 The license of user is in bad state blocking enrollment; is because of Office365

 

I was told the CNAME records need to be deleted to avoid Intune MDM enrolment 

 

EnterpriseEnrollment CNAME EnterpriseEnrollment.manage.microsoft.com 3600

EnterpriseRegistration CNAME EnterpriseRegistration.windows.net 3600

 

We removed the DNS (DNS Note: Any email can be entered here, as it is not used to authenticate the enrollment. If your organization has InTune bundled in with your Office365 or Azure instance, do not enter a domain-joined email, as it will begin enrollment into InTune instead of prompting for your server information to complete the following steps.)

 

After successfully deploying the Windows machine and installing the Agent as per the Meraki instructions, all seemed to work perfectly until we restarted the machine, and the user now cannot use the password on the Windows 10 computer; even resetting the password will not resolve the issue. Has anyone seen this before?

 

We have not touched any standard settings in the Office365 Security and Compliance, or touched any Intune settings on the Office365 dashboard.

1 Accepted Solution

Looks like the options are:

SETUP A
Local account, with MDM profile and agent installed
SETUP B
Microsoft account (AzureAD) and only agent installed no profile
SETUP C (future) 
Meraki looks at adding Application to Azure to enrol MDM without breaking or needing the profile added to the computer itself !? 


11 Replies
Peter_Inveros
Here to help

Note, the computers were set up for organisation, not personal, in the Windows startup. I have set a local account, which it will default to every time we restart.
PhilipDAth
Kind of a big deal

I haven't experienced that issue; but I have had another issue.  I have had two machines I am playing with, both AzureAD joined, and enrolled with a Meraki profile.

 

If I leave the machines unused, and not logged in, for say two weeks, the primary Office 365 account that was used to log into the machine disappears - and the original user can no longer log in again.

 

So now I'm wondering about you saying you can not log in anymore - because the password no longer works.  Could it be perhaps not the password - but my case - where the whole account is now gone from the machine?

 

 

In my test machines, to get it working again, I had to repeat the AzureAD join process.

 

 

ps. I enabled the local Administrator account so I still have a way to login and see what is going on.

Hi Philip,

This sounds like exactly the same issue; it just leaves what looks like an empty account on the machine. Previously the devices had the profile but not the agent, and presented no issues. After removing the DNS CNAME, it connected and worked without issue.

 

The devices were registered using Enterprise, not Personal, with Office365 accounts. There was no local Administrator account. Did your setup work? I was planning today to see if I can rebuild with a local Admin account, but I don't see the point if the Microsoft Office account will just lose the credentials with the Meraki Agent installed?

 

Have your machines worked properly now?

After removing the DNS CNAME, I installed the Agent, and this is where the Microsoft Account was lost: the profile picture and the password were lost. As we used Organisation, not Personal, in the setup, we did not have any local account to be able to access the machine again. Without the device being able to confirm passwords, it rendered the machine useless.

Hello, I repeated the Azure join process, however the AzureAD was removed again??

For me, having just the agent installed works - it is only when I deploy the Meraki management profile to the Windows 10 device that it seems to kill the Azure AD membership (eventually, not straight away).

Hi Philip, is anyone at Meraki aware of this issue?

I haven't mentioned it to anyone.  I wasn't sure if anyone else was also experiencing the issue.

Support don't seem aware of it! I will keep you posted on progress!

I am not sure if AzureAD needs registering so the deployed devices can receive Meraki profile changes.
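
The three things this thread keeps returning to (whether the two CNAMEs are still published, whether the device still reports an Azure AD join, and whether an enabled local account remains as a fallback logon) can be checked from PowerShell on the affected machine. This is an added example, not part of any poster's reply or Meraki's instructions; `example.com` is a placeholder for your own domain.

```powershell
# Added example, not from the thread. 'example.com' is a placeholder domain.
param([string]$Domain = 'example.com')

# 1. Are the two auto-enrollment CNAMEs named in the thread still published?
$cnames = foreach ($label in 'EnterpriseEnrollment', 'EnterpriseRegistration') {
    $fqdn = "$label.$Domain"
    $rec  = Resolve-DnsName -Name $fqdn -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    [pscustomobject]@{ Record = $fqdn; Published = [bool]$rec; Target = $rec.NameHost }
}

# 2. Current join state, parsed from the "Key : Value" lines of dsregcmd /status.
$join = @{}
foreach ($line in (dsregcmd.exe /status)) {
    if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') { $join[$Matches[1]] = $Matches[2] }
}

# 3. Enabled local accounts: the only way in if the Azure AD account disappears.
$localLogons = @(Get-LocalUser | Where-Object Enabled | Select-Object -ExpandProperty Name)

$cnames | Format-Table -AutoSize
[pscustomobject]@{
    AzureAdJoined     = $join['AzureAdJoined']
    TenantName        = $join['TenantName']
    EnabledLocalUsers = $localLogons -join ', '
} | Format-List

if ($join['AzureAdJoined'] -eq 'YES' -and $localLogons.Count -eq 0) {
    Write-Warning 'Azure AD joined with no enabled local account: no fallback logon if the join is lost.'
}
if ($join['AzureAdJoined'] -ne 'YES') {
    Write-Warning 'Device does not report an Azure AD join.'
}
```

Running it before and after deploying the management profile, and again after the machine has sat idle, records when the join state changes.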

 
