Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,663 questions
Windows 10 AAD-Joined Devices: Password is incorrect until Switch User is clicked
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 69%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETH%3C/text%3E%3C/svg%3E)
Trent Hansen
11
Reputation points
We have a fleet of Windows 10 devices, joined to Azure AD and managed by Intune.
After a recent upgrade to WIndows 10 21H1 (After setting update rings/feature update policies), users have started to experience issues logging in.
Namely, when they first try to log in, or when they are logging in after their screen locked or waking from sleep, they get a message that their username or password is incorrect.
Onscreen, it shows their display name, but will not accept their password, even though it's known to be correct by signing into a web browser on another computer.
However, if they click on Switch User, it returns to a screen that shows their login, and "Other User". If they enter their password here, it is accepted without issue and they log in.
At the least, I'm happy they can log in, but it seems a bit ridiculous that users have to click Switch User just to be able to unlock their PC or log in.
Is there a possible configuration issue in Intune that may be causing this? I've seen this across a couple of sites, with little consistency between them. Some are pure AAD, and some have been migrated from hybrid join to pure AAD.
Any assistance with this or pointers as to where I can look for information would be greatly appreciated. I have had little success finding much relevant information.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Crystal-MSFT 43,381 Reputation points Microsoft Vendor2022-11-18T01:19:26.027+00:00 @Anonymous , Thanks for your reply. For windows update ring and feature update policy, it only deploy settings to windows device, the update is controlled by windows update service or WSUS server.
https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-troubleshooting-windows-10-update-ring-policies/ba-p/714046#:~:text=Support%20Tip%3A%20Troubleshooting%20Windows%2010%20Update%20Ring%20Policies,getting%20applied%20on%20the%20client%3F%20...%20See%20More.After researching, I didn't find any known issue mentioned Intune configuration policy will cause user unable to logging via the previous profile. I notice windows and AAD tag is added. You can wait to see if any suggestion can be provided from AAD and windows side.
-
Trent Hansen 11 Reputation points
2022-11-18T02:31:15.843+00:00 I understand how update rings and feature update policies work, I was only mentioning them as that is the reason these devices updated to said Windows version. It was only after the most recent feature update they went through to 21H1 that this issue surfaced, so I thought it would be pertinent info.
Users have no issue logging into their previous profile. The issue is that the Windows login screen does not accept their password. When they hit Switch User, it displays their username again, and they can log in as normal. But until the click Switch User, even though the login screen shows their username, it does not accept their password. Once they do manage to log in, they are logged into the existing profile with all their files and settings intact.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT 28,321 Reputation points Microsoft Employee2022-11-18T04:40:59.973+00:00 @Anonymous Thank you for reaching out to us regarding this issue.
I would start investigating the AAD event logs in event viewer.
Located under Application and Services Log > Microsoft > Windows > AAD - AAD Analytic and operational logsAlso would like to know what happens once the user is able to login (using switch user) - user locks the computer - does the user can login back again normally or does he have to use switch user option again to get the desktop ?
I noticed while researching on this issue, On December 13, 2022, all editions of Windows 10, version 21H1 will reach end of servicing. The December 2022 security update, released on December 13, is the last update available for this version. After that date, devices running this version will no longer receive monthly security and quality updates containing protections from the latest security threats.
Reference: https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-21h1
I would recommend/suggest upgrading to the next version of windows 10
Let me know if you have any further questions.
-
Crystal-MSFT 43,381 Reputation points Microsoft Vendor
2022-11-21T05:13:34.543+00:00 @Anonymous ,Thanks for the reply. I have done test to deploy feature update to update my windows 10 device. After update to window 10 21H1., I can log the windows with the user password directly under login screen. No Need to click Other user to switch user. So I think your issue can be on the device side. Thanks!
-
Givary-MSFT 28,321 Reputation points Microsoft Employee
2022-11-30T06:03:45.133+00:00 Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.
-
Trent Hansen 11 Reputation points
2022-12-01T23:46:27.747+00:00 I ended up finding the culprit. It was indeed a setting in our LogonExperience configuration profile. The offending setting (From Settings Catalog) was Authentication/EnableFastFirstSignIn. WHen this setting was enabled, the issue presented itself. When we removed this setting, the issue disappeared.
Sign in to comment