Hi @Razjan Baram, I'm awaiting a response from another engineer to narrow the issue down, but I have some questions/details that may help you. Are you using Windows Hello for Business at all? Also, is this just 1 user, or have there been others?
- For Azure AD joined machines, the authentication is happening through Azure AD.
- Even if we rely on ADFS, the login to Windows is not based on the Kerberos authentication mechanism.
- For AAD joined machines, credential caching is not implemented in the Windows Credential Manager – a component which is manageable and allows for disabling the credential caching capabilities provided by the operating system.
- For AAD joined machines, credential caching is related to the Primary Refresh Token that is issued when a user is authenticated against Azure AD.
- This process is the Microsoft.AAD.BrokerPlugin framework, which is built on the newer application packaging framework.
- This component maintains a separate cache under %LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState folder.
- These files get renewed when the PRT is refreshed/renewed.
- Password credentials get cached in the .PWD file and WHfB credentials get cached in the .NGC file.
The above steps were taken from a similar issue, so they may not match yours exactly. However, it may help you find the issue if you want to trace it. In the meantime, I am still searching for an exact solution for this and will let you know when I have one.
Best,
James
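
A way to trace the behaviour described in the reply above, added here as an example that is not part of the original post: run as the affected user, it shows the PRT state reported by `dsregcmd /status` next to the timestamps of the `.PWD` and `.NGC` files in the BrokerPlugin `LocalState` folder, so the two can be compared after a PRT refresh. It reads file metadata only, and the selection of fields shown is this example's choice.

```powershell
# Added example: compares PRT state with the BrokerPlugin cache file timestamps.
# Only names, sizes and timestamps are read; file contents are never opened.
$cacheDir = Join-Path $env:LOCALAPPDATA 'Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState'

# Parse the "Key : Value" lines printed by dsregcmd /status into a hashtable.
$status = @{}
foreach ($line in (dsregcmd.exe /status)) {
    if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
        $status[$Matches[1]] = $Matches[2]
    }
}

# Device join and PRT fields relevant to the cached sign-in described above.
[pscustomobject]@{
    AzureAdJoined        = $status['AzureAdJoined']
    AzureAdPrt           = $status['AzureAdPrt']
    AzureAdPrtUpdateTime = $status['AzureAdPrtUpdateTime']
    AzureAdPrtExpiryTime = $status['AzureAdPrtExpiryTime']
    NgcSet               = $status['NgcSet']
} | Format-List

if (Test-Path -LiteralPath $cacheDir) {
    # List the password (.pwd) and Windows Hello for Business (.ngc) cache files,
    # newest first, so their write times can be checked against AzureAdPrtUpdateTime.
    Get-ChildItem -LiteralPath $cacheDir -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.pwd', '.ngc' } |
        Sort-Object LastWriteTimeUtc -Descending |
        Select-Object Name, Extension, Length, LastWriteTimeUtc |
        Format-Table -AutoSize
}
else {
    Write-Warning "Cache folder not found: $cacheDir"
}
```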