2400 error something went wrong - Certificate based access.

Brandon Nolet 0 Reputation points
2024-05-29T18:37:20.16+00:00

Hi all, we recently deployed CBA for pretty much all Microsoft-related services, including Intune device management. Obviously there are carveouts for specific cases that allow enrollment of the device, but beyond that, it seems like many Windows devices are not able to maintain the connection to Intune due to CBA. The first symptom seen was that Outlook (signed in via some connection that Windows makes by being enrolled) throws up an error 2400 like the screenshot attached. On the Entra side, we see a Sign-in error code 500187, and the Conditional Access failure is as attached. During this time, the user is still able to use web-based Microsoft apps in the browser. On the device authenticating, there are both a Device and a User certificate assigned to Client Authentication, and the Device certificate also does server authentication and secure email. Syncing Company Portal can fix the issue temporarily, but the problem often returns. At some point, the Company Portal sync solution will fail, at which point we'll revoke all sessions, and then logging into Outlook anew fixes the issue. If you need more information, I will provide what I can.
