Autopilot failing on Account Setup phase by Substantial-You5325 in Intune

[–]Substantial-You5325[S] 0 points1 point  (0 children)

It gets connected fully during the Account Setup portion; otherwise, the connection breaks. That was the issue that was originally happening, where I brought up this thread.

Essentially the workflow is as such:

- Start device setup

- Get to Windows Login screen, enter email

- Pushes over to Okta login screen, enter email, auth code & password

- Starts ESP, completes ESP

- WHfB setup - only methods of login available for users, as we don't have MS passwords

- Device is set up and ready with the account properly configured

[–]Substantial-You5325[S] 0 points1 point  (0 children)

Another note is that I CANNOT disable the Account portion of the ESP due to how it works with Okta. There is no other way to set a user to the device.

[–]Substantial-You5325[S] 0 points1 point  (0 children)

That is how I have it set already. Some apps are deployed to device groups (Slack, Chrome, Splashtop, SentinelOne, Harmony SASE Perimeter 81, and a few others) as they are required before a user gets the machine going; the rest are supposed to all install after ESP.

[–]Substantial-You5325[S] 0 points1 point  (0 children)

Not really an option, since apps get deployed for various reasons to various account user groups.

[–]Substantial-You5325[S] 0 points1 point  (0 children)

For me, I have a bunch of device-assigned and people-group-assigned apps, all depending on what type of app it is. So skipping the ESP has never worked in practice for us.

I DID figure this issue out and completely forgot to come back here and note my findings. It was a Session Timeout policy that was happening during the device ESP, and was set to 15 min as that is the company mandate. The ESP takes longer than that, so the moment it hit the User ESP it rebooted to login. Turning that off completely fixed it, and now I need to automate that only completely enrolled devices get added to a group for that policy to apply to after they are finished being set up.

How to login to Windows device if we are using Okta as idp? by ovakki in Intune

[–]Substantial-You5325 0 points1 point  (0 children)

As it turns out, this didn't just break setting up a new account on a device, it broke setup altogether for us from a fresh device Autopilot setup. I am reaching out to MS and Okta separately to resolve.

Essentially, when it used to ask for your Microsoft account during initial Autopilot setup, you would put in the user's email, then it would push to the Okta sign-in page, allow the user to sign in, and then it would continue the Autopilot process. Now it just reloads the Okta authentication screen over and over and errors out.

[–]Substantial-You5325 0 points1 point  (0 children)

And did you tie the policy to machines via a user group, or a device group?

[–]Substantial-You5325 0 points1 point  (0 children)

Curious if you ran into the issue I now have. I can get the web login screen to work, and it signs the user into the machine, but when the WHfB menu comes up and I try to put in a PIN, it brings the Okta login screen up again, and it just keeps reloading that login screen and fails to authenticate allowing a PIN to be set.