Windows 11 24H2 Autopilot requiring 2 logins to enroll

Samuel Kieran Chidlow 0 Reputation points
2025-02-08T14:39:53.72+00:00

Hi All,
I am trying to set up Windows Autopilot for passwordless enrollment for all new users.
I am facing an issue where the user signs in once at the start of enrollment with a Temporary Access Pass or a passkey.
Then, after the device ESP, they have to log in again, but this time I only have the option to use email address and password. If I choose sign-in options, I see 2 password icons and no option for web sign-in.

This seems to happen on and off with various users.

First of all, the device does not reboot during the enrollment phases. I am using Open Intune Baselines on my user and also on the device, as shown in their documentation.

The apps which block enrollment are the Microsoft Office apps and an Intune branding package which installs wallpapers and themes. Even when removing the branding package, this is still an issue.

Is this a known issue with 24H2, or is there something else I could check?

I think that maybe Conditional Access or something similar is causing an issue.

Microsoft Security | Windows Autopilot
Microsoft Security | Intune | Enrollment

2 answers

  1. Crystal-MSFT 53,991 Reputation points Microsoft External Staff
    2025-02-10T02:37:10.06+00:00

    @sam chidlow, thanks for posting in Q&A. Could you confirm whether the issue affects all devices or only some?

    For 24H2, I found a known issue with DFCI enrollment.

    https://learn.microsoft.com/en-us/autopilot/known-issues#dfci-enrollment-fails-for-professional-editions-of-windows-11-version-24h2

    With Windows Autopilot Deployment and Intune, Unified Extensible Firmware Interface (UEFI) settings can be managed after the device is enrolled. UEFI settings can be managed by using the Device Firmware Configuration Interface (DFCI).

    https://learn.microsoft.com/en-us/autopilot/dfci-management

    If your device is running Windows 11, version 24H2 Pro edition, install KB5046740 or later to see if the result is different.

    For Conditional access policy, please check if the "Microsoft Intune Enrollment" and "Microsoft Intune" apps are excluded from your Conditional Access policies.

    Please try the above suggestions and if there's any update, feel free to let us know.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
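
The Conditional Access check suggested in the answer above, as an added example that is not part of the original thread: it scans a policy export in the shape returned by Microsoft Graph `GET /identity/conditionalAccess/policies` and lists policies that still apply to the two Intune apps. The sample policies are constructed, the function name `policies_in_scope` is hypothetical, and the app IDs are the first-party IDs for these apps (confirm them in your tenant).

```python
import json

# First-party application IDs (confirm them under Enterprise applications
# in your own tenant before relying on this).
ENROLLMENT_APPS = {
    "d4ebce55-015a-49b5-a083-c84d1797ae8c": "Microsoft Intune Enrollment",
    "0000000a-0000-0000-c000-000000000000": "Microsoft Intune",
}

# Constructed sample in the shape Microsoft Graph returns from
# GET /identity/conditionalAccess/policies (only the fields used here).
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Require compliant device - all apps", "state": "enabled",
   "conditions": {"applications": {"includeApplications": ["All"],
                                   "excludeApplications": []}}},
  {"displayName": "Require MFA - all apps", "state": "enabled",
   "conditions": {"applications": {"includeApplications": ["All"],
       "excludeApplications": ["d4ebce55-015a-49b5-a083-c84d1797ae8c"]}}},
  {"displayName": "Pilot - report only", "state": "enabledForReportingButNotEnforced",
   "conditions": {"applications": {"includeApplications": ["0000000a-0000-0000-c000-000000000000"],
                                   "excludeApplications": []}}},
  {"displayName": "Old policy", "state": "disabled",
   "conditions": {"applications": {"includeApplications": ["All"],
                                   "excludeApplications": []}}}
]}
""")

def policies_in_scope(export, include_report_only=False):
    """Return {policy name: [enrollment apps the policy still applies to]}."""
    findings = {}
    for policy in export.get("value", []):
        state = policy.get("state")
        if state == "disabled":
            continue  # disabled policies never affect sign-in
        if state == "enabledForReportingButNotEnforced" and not include_report_only:
            continue  # report-only policies log results but do not enforce
        apps = (policy.get("conditions") or {}).get("applications") or {}
        included = {a.lower() for a in apps.get("includeApplications") or []}
        excluded = {a.lower() for a in apps.get("excludeApplications") or []}
        hit = [name for app_id, name in ENROLLMENT_APPS.items()
               if ("all" in included or app_id in included) and app_id not in excluded]
        if hit:
            findings[policy.get("displayName", "<unnamed>")] = hit
    return findings

if __name__ == "__main__":
    for name, apps in policies_in_scope(SAMPLE_EXPORT).items():
        print(f"{name}: still applies to {', '.join(apps)}")
```
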


  2. Crystal-MSFT 53,991 Reputation points Microsoft External Staff
    2025-02-17T01:35:53.79+00:00

    @sam chidlow, Thanks for your update. I am glad that it is working well now. Congratulations! Here is a brief summary of our issue:

    Issue:

    Windows Autopilot for passwordless enrollment has an issue where the user signs in once at the start of enrollment with a Temporary Access Pass or a passkey. Then, after the device ESP, they have to log in again, but this time only have the option to use email address and password. After choosing sign-in options, they can only see 2 password icons and no option for web sign-in.

    Resolution:

    User's image

    Thanks for your time and have a nice day!

