question

2 Votes
TusharAggarwal-5397 asked ChristopherEason-4537 edited

Azure AD account login option disappears from system after Windows update

Some of our clients are joined to Azure AD on their laptops running Windows 10 using Single Sign-On.

(Settings > User Accounts > Work or School Account > Connect > Join to Azure AD directory instead > Office 365 email address)

Azure AD sign-in on their laptops was running fine until they ran Windows Update on their system and restarted their system. The Azure AD account disappeared completely from their sign-in option on the laptop. We had to use the local account (backup account) to sign in to their laptop and restore Windows to a previous build in order to fix the issue.

Thoughts?

azure-active-directory windows-10-setup

Hi, do you still require assistance? If not, please mark the answer as verified.

Thank you,
James

0 Votes 0 ·
0 Votes
Bamikop-9347 answered Bamikop-9347 published

Same problem here with over 100 clients!

0 Votes
GaryFuller-8885 answered

We have the same issue with some of our clients. Currently trying to find what update is causing this. If there is a local account on the device, just sign in with this and then re-join back to Azure AD. This saves time instead of restoring back to a previous build, given that the other local account has admin privileges.

If I find the update causing this I will post back.

Cheers

0 Votes
GavinPitt-3436 answered

I am seeing exactly the same problem with Windows 10 machines connected to Azure AD with Office 365 Standard as well as devices connected to Intune. Massive problem for us. The Intune devices cannot join again as we get Error 8018000a "This device is already enrolled". Has anyone made any further progress?

0 Votes
Jordo-7340 answered MarileeTurscak-MSFT converted comment to answer

Found more info on this; thought I'd update with my findings. This is an issue due to Feature Updates and Cumulative Updates causing certificates to be wiped during the Feature Updates. Only fix so far is to roll back the Feature Update or remove from Azure AD -- rejoin to domain, from what I've found;

see more here;
https://borncity.com/win/2020/11/01/microsoft-besttigt-zertifikatsverlust-bei-windows-10-upgrades/
and here;
https://old.reddit.com/r/Intune/comments/jkbifu/feature_update_disconnecting_from_azure_adintune/?sort=new


Cheers Jordo, luckily we have remote agents so we can remote shell to the device to create a local account if need be, then login and re-join Azure AD. Doesn't seem to be the case for some so their only option is to roll back.

0 Votes 0 ·

Glad there are others with the same problem. Wonder how many computers we will have to reinstall this week.

0 Votes 0 ·
0 Votes
MarileeTurscak-MSFT answered

This is a known issue documented here. A fix is on its way.


0 Votes
YaroslavSokolov-6458 answered

We are also experiencing the same problem.
@MarileeTurscak unfortunately I could not find this issue as a documented one on the page you linked.

0 Votes
ChristopherEason-4537 answered ChristopherEason-4537 edited

Just ran into this.

Very stuck at the moment, since no local users available.

Replicated on a VM. Wondering if it's a combination of our AAD settings and latest update.

Any tips on fixing without any local users created?

EDIT: Managed to boot to safe mode and users are back...

EDIT2: In safe mode can login with AAD user. Created a local admin account. Reboot and see login screen for "Other", and can login with AAD user again.

However, then disabled local admin again, reboot. No login available. Will try again and try to rebind to AAD.

EDIT3: Enabled local admin, trying to unbind from AAD... but won't take/allow local admin. Looks like only allowing MS/email.

If I delete device from AAD, will it unbind from Machine? or would rebind auto on reboot and add again to AAD?

0 Votes
ChristopherEason-4537 answered ChristopherEason-4537 edited

Did a complete set:

safe boot, local admin, unbind, reboot.

Login local admin, rebind, reboot. Still good.

Disable local admin, reboot, no login.

Was working ok until latest updates. Also tried reset downloading from MS, in case rebinding straight from latest worked... no. Same issue.

Guess for now will have to leave at least 1 local user available.
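
A pre-update health check for the failure discussed in this thread (device certificate lost during a feature update, and no local account left to fall back on), as an added example that is not part of any post here. It assumes the built-in `dsregcmd /status` output and the `Microsoft.PowerShell.LocalAccounts` cmdlets; the function names and the sample values are made up for illustration.

```powershell
# Added example, not from the thread. Run elevated, before installing a feature update.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    # dsregcmd /status prints "Key : Value" pairs; keep the first occurrence of each key.
    $map = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$' -and -not $map.ContainsKey($Matches[1])) {
            $map[$Matches[1]] = $Matches[2]
        }
    }
    $map
}

function Test-AadJoinHealth {
    param([string[]]$StatusLines = (dsregcmd.exe /status))
    $s     = ConvertFrom-DsregStatus -Lines $StatusLines
    $thumb = $s['Thumbprint']
    # The device certificate of an Azure AD joined machine lives in the computer's Personal store.
    $cert  = if ($thumb) { Get-Item "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue }
    # Built-in Administrators by well-known SID, so the check also works on localized Windows.
    $adminSids = try {
        (Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop).SID.Value
    } catch {
        # Treated as "no admins found"; read the warning before trusting FallbackReady.
        Write-Warning "Could not list Administrators: $($_.Exception.Message)"
    }
    $localAdmins = @(Get-LocalUser | Where-Object { $_.Enabled -and $adminSids -contains $_.SID.Value })
    [pscustomobject]@{
        AzureAdJoined      = $s['AzureAdJoined'] -eq 'YES'
        DeviceId           = $s['DeviceId']
        DeviceCertPresent  = [bool]$cert
        DeviceCertNotAfter = $cert.NotAfter
        EnabledLocalAdmins = $localAdmins.Name
        FallbackReady      = $localAdmins.Count -gt 0
    }
}

# Constructed sample of dsregcmd output (placeholder IDs) to exercise the parser offline.
$sample = @'
             AzureAdJoined : YES
                  DeviceId : 00000000-0000-0000-0000-000000000000
                Thumbprint : 0000000000000000000000000000000000000000
'@ -split "`r?`n"

Test-AadJoinHealth -StatusLines $sample   # parser run against the constructed sample
Test-AadJoinHealth                        # live check on this machine
```

A device that reports `AzureAdJoined` but has `DeviceCertPresent` or `FallbackReady` set to false is one to fix before it reboots into the update.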
