Local admin user can no longer sign into AAD-joined computer

Aaron Seet 726 Reputation points

We were testing out Windows Autopilot + MDM with Intune using VM Windows 10 Enterprise clients. While the greenfield scenario was pretty straightforward and problem-free, testing brownfield scenarios (pre-existing pre-AAD-registered computers used by existing staff) has proven to be problematic. However, I want to focus on one specific case here.

I reset one VM to start all afresh, unrecognised by Azure AD or Intune. Since Windows 10 Enterprise does not support personal Microsoft accounts from initial setup, I had to create a local admin account. It was only after the setup that I could add my personal Microsoft account as a proper user for sign-in. (I don't know why Enterprise setup has to be so special and cannot be like Pro, but that's irrelevant to this case.)

Beyond that, I connected my work account with the local admin account, thereby registering to our AAD and enrolling in Intune. Through multiple test cases, we learnt disappointingly that the same account used to register to AAD cannot be used to perform a join (it will result in a "This device is already enrolled" error); a separate AAD account has to be used.

So we succeeded with AAD join using another user account. BUT NOW, the computer only allows my personal Microsoft account or AAD accounts to sign in. There's no way to sign in with the original local admin anymore.

It'll refuse with "the user name or password is incorrect. Try again."

How can I restore signing in with local admin users? Or is that a prohibited scenario now that Windows 10 Enterprise is AAD-joined?


Accepted answer
  1. Aaron Seet 726 Reputation points

    Ah, the usual "answer surfaces after posting question" phenomenon.

    To sign in as a local user, you have to explicitly state "COMPUTERNAME\autopilot" or ".\autopilot".

    2 people found this answer helpful.

1 additional answer

  1. YCAKUMAREX026 1 Reputation point

    .\local_user_name does not work after joining the Azure virtual machine to the domain.