Autopatch brings a lot of new config profiles to Intune. Can it be that there is WHFB enablement through it? That's why you didn't experience this behavior before.
Windows Autopatch (Intune ESP) and passwordless enrollment conflict?
Okay, so I learned that a reboot triggered during the device section in ESP when enrolling a new Windows client in Intune causes the need for the user to authenticate with their password to continue the process. (https://learn.microsoft.com/en-us/answers/questions/960560/temporary-access-pass-hello-for-business-setup-sti.html?childToView=1095807#comment-1095807)
When testing Windows Autopatch, we get a reboot during ESP.
From the eventlog; microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin
The following URI has triggered a reboot: (./Device/Vendor/MSFT/Policy/Config/Update/ManagePreviewBuilds).
Lo and behold; removing the device from the group created by the Autopatch Update ring profile, remedies the issue. No reboot, no password needed to complete (Win10 v 22H2 used).
Is there something to be done with this? Since MS is promoting passwordless, are they aware of the conflict that arises when other stuff breaks this because of reboots that it can't handle?
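To find which policy URIs force a reboot during ESP on a given device, the event log named in the question can be searched for the quoted message. This is an added example, not part of the original thread: the function name `Get-RebootTriggerUri` is hypothetical and the sample records are constructed; the message text comes from the question.

```powershell
# Added example: list the policy URIs that the MDM diagnostics log reports as
# having triggered a reboot (the message quoted in the question).
$LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

function Get-RebootTriggerUri {
    # Hypothetical helper: accepts event records (anything with TimeCreated and
    # Message properties) and emits one object per reboot-trigger message.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record
    )
    begin {
        $pattern = 'The following URI has triggered a reboot:\s*\((?<uri>[^)]+)\)'
    }
    process {
        if ($Record.Message -match $pattern) {
            [pscustomobject]@{
                TimeCreated = $Record.TimeCreated
                Uri         = $Matches['uri']
                # The last URI segment is the policy setting name.
                Policy      = ($Matches['uri'] -split '/')[-1]
            }
        }
    }
}

# Constructed sample records, shaped like Get-WinEvent output, so the parser
# can be exercised away from an enrolled device.
$sample = @(
    [pscustomobject]@{
        TimeCreated = [datetime]'2023-01-06T10:15:00'
        Message     = 'The following URI has triggered a reboot: (./Device/Vendor/MSFT/Policy/Config/Update/ManagePreviewBuilds).'
    }
    [pscustomobject]@{
        TimeCreated = [datetime]'2023-01-06T10:15:02'
        Message     = 'Constructed unrelated message.'
    }
)

# Read the live log on an enrolled device; fall back to the constructed sample.
$records = try {
    Get-WinEvent -LogName $LogName -ErrorAction Stop
} catch {
    Write-Warning "Could not read '$LogName'; using constructed sample records."
    $sample
}

$records | Get-RebootTriggerUri | Sort-Object TimeCreated | Format-Table -AutoSize
```

Run on a test device right after ESP, the output shows which assigned profile settings to look at before enrolling with a Temporary Access Pass.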
-
Pavel yannara Mirochnitchenko 12,596 Reputation points MVP
2023-01-06T19:51:04.58+00:00 -
Rudy Ooms 611 Reputation points MVP
2023-01-25T06:59:01.5133333+00:00 Sounds like the WUFB issue targeted at devices when Windows 11 saw the first light :)
https://call4cloud.nl/2022/04/dont-be-a-menace-to-autopilot-while-configuring-your-wufb-in-the-hood/
As Autopatch also uses WUFB... I am not surprised this issue is back
-
Stefan Jurt 0 Reputation points
2023-10-03T11:27:26.0166667+00:00 As a workaround you can enable web sign-in as described by @Peter van der Woude
https://www.petervanderwoude.nl/post/enabling-web-sign-in-to-windows-for-usage-with-temporary-access-pass/
Like this you can sign in with TAP after the reboot to proceed with the ESP user part.