Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,570 questions
Sync not working for non-primary user on hybrid AD Joined device
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 64%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
CUCOOPE
191
Reputation points
Hi. I was trying out multiple users on a single device and I have encountered a problem where it seems that the device cannot verify the account I am signning in after signing out of the primary user's account.
It is a Hybrid-Azure AD Joined environment and the device have been synced to AAD. I used the user account ******@domain.com to sign in as a hybrid user WHFB\user01 and I can see the device being enrolled onto Intune and getting the profiles(I have it set up for Windows Hello for Business). But after signning out of the user01 account and using the other hybrid account ******@domain.com, it immediately prompts me that there is a "Work or school account problem" and asked me to sign in to fix my credentials. I signed into ******@domain.com in Settings but it took a looooong time to sign in. It showed error "caa50021" and the "sign in" windows dissappeared after a while. However, the "Work or school account problam" notification keeps popping up but there is no "Sign in" screen popping up when I click on it again. I couldn't sync the device using ******@domain.com since it "weren't able to verify your credentials". I also cannot sign into User01's account using the Windows Hello for Business PIN profile I've set earlier as it shows "Your credentials couldn't be verified" and shows status 0x00000bb.
I have set a user group in AAD and assigned the group for MDM enrollment and the Windows Hello for Business Profile on Intune. Both User01 and 02 have E3 license. What am I doing wrong here? Thanks!
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 25%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
Tom Murphy 0 Reputation points2023-08-08T09:17:56.6333333+00:00 I have the same issue, Hybrid AD joined, and enrolled into Intune via GPO, always get the prompt when I log in, takes ages to sign into the MFA prompt then takes 5 mins then the account sign-in goes away and then I'm
left with yellow text in Windows 11 saying it was unable to verify my credentials.
This must be a bigger issue, or are people using Hybrid AD Joined not trying to also use Intune to co-manage devices and GPOs for things Intune can't do?
Sign in to comment
Sign in to answer