We have our devices hybrid joined to Azure AD and license our users with Windows Enterprise E3
We have had three users so far that unexpectedly had their PCs revert from an Enterprise to Pro license while working remotely.
We use Direct Access for remote connections.
While looking into this issue, I noticed that in the Azure sign-ins log for the last week, a total of five users (including those three) have numerous entries indicating failed sign-ins for application Windows Azure Active Directory. No other user has an entry for this as an application. Error code 50126, browser is always either outlook.exe, winword.exe, excel.exe, or sdxhelper.exe
Everyone else is running on Enterprise fine. These users also show plenty of successful logins for stuff like Office 365 Exchange online and so on. No one else shows sign-in entries for 'Windows Azure Active Directory' either, only the users that are having their computers revert licensing.
Any ideas?