Hello,
For some background, we have a federated domain and an SSO setup with Duo. It is AD synced with Azure; however, it is not a Hybrid Azure AD setup.
I have been playing around with Intune for the past week or so. The plan is to get it set up so that when we add a device to Intune (via the hardware hash) it will automatically be assigned the right profile, and when we enter the OOBE it will then ask for a work account, so that when the user signs in it will apply all the necessary profiles and applications for that user.
My issue lies when the OOBE asks for a work or school account. If I enter a domain account, first.last@work.group, it says something along the lines of:
"Your organisation doesn't allow users to set up Windows this way. Use another email address or set up Windows with a local account"
However, if I sign in with an unlicensed 365 account (not an account on the domain) it logs in just fine, no issues, and this then enrols the device also.
I then tried to sign out of the device and sign back in again with my first.last@work.group account, but it just says:
"Incorrect Username or Password. Try again"
I've been trying to figure this one out for the last couple of days but I can't seem to get anywhere.
Any help would be greatly appreciated.
Thanks!
Edit: Changed some wording
Okay, so I have an update!
I checked with the other guys who originally set up the tenant, and they never set up the MDM DNS records, which I have now done.
Now I am getting the company branding (logo and company name) appearing when I go through the OOBE. However, my next issue is that when I try to log in with a user account that is on-prem I get the error:
"We didn't find that email address in your organisation"
I tried all the usernames I could think of:
first.name@company.onmicrosoft.com
first.name@company.group (our actual UPN)
first.name@companygroup.co.uk
But none of them seem to work; however, the O365-only accounts still work fine.
EDIT: Update to my situation
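As an added example (not part of the post above), here is a PowerShell check for the two MDM enrollment CNAME records the post refers to, so that a missing or wrongly pointed record shows up before testing the OOBE again. The domain is a placeholder taken from the post; replace it with your own.

```powershell
# Added example: verify the Intune enrollment CNAME records for a custom domain.
# "company.group" is a placeholder from the post; pass your real domain instead.
param([string]$Domain = "company.group")

# The two CNAMEs Intune enrollment and device registration look up for a domain.
$expected = @{
    "enterpriseenrollment.$Domain"   = "enterpriseenrollment.manage.microsoft.com"
    "enterpriseregistration.$Domain" = "enterpriseregistration.windows.net"
}

foreach ($name in $expected.Keys) {
    # Resolve only CNAME answers; a missing record yields $null rather than an error.
    $records = Resolve-DnsName -Name $name -Type CNAME -ErrorAction SilentlyContinue
    $target  = ($records | Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1).NameHost

    if (-not $target) {
        Write-Output "MISSING  $name (expected CNAME -> $($expected[$name]))"
    } elseif ($target.TrimEnd('.') -ieq $expected[$name]) {
        Write-Output "OK       $name -> $target"
    } else {
        Write-Output "MISMATCH $name -> $target (expected $($expected[$name]))"
    }
}
```

Run it from a machine that uses public DNS resolvers, since an internal resolver with a split-horizon zone can return a different answer from what the enrolling device sees.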