Windows 10: Why can User Still Sign-in to Domain Joined Computer Using PIN After Account is...

This is a huge security issue.1. Test user Microsoft Azure AD account has been disabled and sessions revoked through Microsoft Azure.2. Test user's domain joined computer was restart using remote software.3. Test user can still login to their computer with pin or face ID whether the computer is connected to the internet or not.The ability for them to login was not due to a delay in the system. I made sure that the test user could not access M365 resources before locking the computer and restarting it. Why is the user still able to login to the computer? Microsoft should remove the cache'd pass

:)

 

UnattendedJoin error: failed to find the domain data (0x6e)

Thanks for the suggestion! I don't want to add a domain account, as this is a generic unattended install that will be used for all company machines. Do you think it's possible that the computer would join the domain if, instead of using UnattendedJoin in specialize, I used your steps but left out the specific account?

The other thing I was thinking was to use a generic account to allow the domain join during the specialize step. I added a machine password in the UnattendedJoin component, and instead of getting the error listed above, I got an authentication error, which makes me think I could probably do a secure join instead of the unsecure join.

Thoughts?

 

Created MS account, joined to domain, cannot sign on as MS account


I just got a Surface Pro 4. I signed into it with my Microsoft account, and later joined it to my work domain. I wanted to use Cortana with Office, so I tried starting it up. It prompted for a Microsoft account, I entered my existing one, and it says "another user on this device uses this Microsoft account, so you can't add it here."

I was able to delete the local account signed in as my Microsoft account via Accounts, but I still got that error trying to join the domain.

I rebooted, the error persisted.

I ran netplwiz and deleted the local account there as well - the same issue recurred.

I rebooted again after the netplwiz delete - the same issue recurred.

Anything else I need to do in order to sync Cortana to my MS account while joined to the domain?

 

Domain Joined Windows 10 - Fast User Switching


When signing in to a Windows PC which has joined a domain with other than a domain account, you need to use a so called full username (ComputerName\UserProfileName).




In above screenshot example I simply replaced the default domain username with the credentials of a local account using the full username and can now sign in using those credentials.

Clicking the link How do I sign in to another domain shows these instructions: