Microsoft raised a new advisory for the Azure AD Join issue affecting new devices, where sign-in fails with a “Something went wrong” error. End users see the following message: “Something went wrong – Confirm that you are using the correct sign-in information and that your organization uses this feature.”
Microsoft is dealing with a new issue in which users cannot perform an Azure AD Join on new devices. The issue is impacting Microsoft Identity Services. The current status of advisory IS422930 is Degradation.
We think the Windows Autopilot service will also be impacted by this issue, because the Microsoft advisory indicates that the impact is limited to users attempting to Azure AD join a device that is already enrolled in a large number of groups.
Normally, all Windows Autopilot imported devices are part of many dynamic device groups. Hence our assumption is that this issue has the potential to impact Windows Autopilot enrollments.
Update at 7:20 AM UTC, 31st August 2022 – The issue is fixed, and Microsoft has already moved advisory IS422930 to the status Service Restored. More details on the root cause and workaround are given in the following sections of this post.
Read about similar issues – Outlook Teams Desktop Application Login Issues M365 Incident MO414814 and Email Alert Delay From Microsoft Admin Center Issue.
Issue: Azure AD Join for New Devices
Microsoft released a new advisory email alert around 6:30 PM UTC on 30th Aug 2022 to inform customers that their “Identity Service” is facing a critical service issue. Identity Service is popularly known as Azure AD.
The start time of the issue, as per the advisory, is 7:00 AM UTC, Thursday, August 18, 2022. The advisory doesn’t confirm any collateral impact, such as on the Windows Autopilot enrollment process. However, we think this issue could impact Autopilot enrollments.
As per Microsoft advisory IS422930, the impact is limited to users attempting to Azure AD join new devices, especially when that device is already enrolled in a large number of groups.
FIX: Azure AD Join Issue for New Devices Something Went Wrong Login Error
There is no fix available at the time of writing this post. However, Microsoft is investigating the issue and has already found its cause. Microsoft provided a manual workaround for the Azure AD Join issue, but I don’t think many organizations would be able to implement this workaround quickly.
Workaround: Admins can bypass the impact of this Azure AD Join issue by assigning the affected user directly in the Azure AD device settings policy rather than using group-based targeting.
The default setting of the Azure AD device settings policy is “Users may join devices to Azure AD = All.” This workaround is a bit confusing. Let us know whether it is working for you. This setting only applies to Azure AD join on Windows 10 and not to hybrid AAD joined devices or Windows Autopilot self-deployment mode (Whiteglove).
| Advisory IS422930 | Details |
|---|---|
| User impact | Users can’t join new devices using the Azure AD join feature. |
| Current status | Microsoft’s investigation has determined that a recent update intended to improve the policy validation code pathway introduced a regression causing the validation routine to ignore some Azure AD group join policies, resulting in impact. |
| Scope of impact | Some users who are members of a large number of groups who attempt to join new devices using the Azure AD join feature are affected. |
| Root cause | A recent update intended to improve the policy validation code path introduced a regression that is causing the validation routine to ignore some Azure AD group join policies, resulting in impact. |
| Affected service | Identity Service (aka Azure AD) |
A more detailed workaround documented by Microsoft: users were able to bypass the impact by assigning the affected user directly in the Azure AD device settings policy rather than using group-based targeting, or by configuring the device settings policy to allow all users to use the Azure AD join feature.
To work around the Azure AD Join “Something went wrong” login error for new devices, modifications to this policy can be made by navigating to Devices > Device Settings on the Azure Active Directory page and ensuring that the setting labeled “Users may join devices to Azure AD” is set to “All.”
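To make the two workaround shapes concrete, here is an added example (not Microsoft’s or this blog’s code) that evaluates one user’s join permission against a device settings policy modelled on the shape of Microsoft Graph’s deviceRegistrationPolicy resource, flags the group-only targeting the advisory describes, and shows direct user assignment and the “All” setting as the corrected states. The policy, user and group ids are constructed sample values.

```python
import copy

# Added illustration, not Microsoft's or the blog's code. The policy dict mirrors
# the shape of Graph's /policies/deviceRegistrationPolicy (azureADJoin -> allowedToJoin
# with an @odata.type membership kind); ids below are constructed, not from a real tenant.
ALL = "#microsoft.graph.allDeviceRegistrationMembership"
NONE = "#microsoft.graph.noDeviceRegistrationMembership"
ENUMERATED = "#microsoft.graph.enumeratedDeviceRegistrationMembership"


def join_grant(policy: dict, user_id: str, user_groups: set) -> str:
    """How 'Users may join devices to Azure AD' applies to one user:
    'all', 'direct' (listed by name), 'group' (via a targeted group) or 'none'."""
    allowed = policy["azureADJoin"]["allowedToJoin"]
    kind = allowed["@odata.type"]
    if kind == ALL:
        return "all"
    if kind == NONE:
        return "none"
    if kind != ENUMERATED:
        raise ValueError(f"unknown membership type {kind}")
    if user_id in allowed.get("users", []):
        return "direct"
    if user_groups & set(allowed.get("groups", [])):
        return "group"
    return "none"


def exposed_to_is422930(policy: dict, user_id: str, user_groups: set) -> bool:
    """True when the join right rests only on group targeting, the path the regression skipped."""
    return join_grant(policy, user_id, user_groups) == "group"


def apply_direct_assignment(policy: dict, user_id: str) -> dict:
    """Workaround 1: target the affected user directly in the policy."""
    fixed = copy.deepcopy(policy)
    users = fixed["azureADJoin"]["allowedToJoin"].setdefault("users", [])
    if user_id not in users:
        users.append(user_id)
    return fixed


def allow_all_users(policy: dict) -> dict:
    """Workaround 2: set 'Users may join devices to Azure AD' back to All."""
    fixed = copy.deepcopy(policy)
    fixed["azureADJoin"]["allowedToJoin"] = {"@odata.type": ALL}
    return fixed


# Constructed sample: join scoped to one group, the state the advisory hit.
SAMPLE_POLICY = {"azureADJoin": {"isAdminConfigurable": True, "allowedToJoin": {
    "@odata.type": ENUMERATED, "users": [], "groups": ["grp-autopilot-users"]}}}
USER, GROUPS = "user-0001", {"grp-autopilot-users", "grp-sales", "grp-all-staff"}
```

Running `exposed_to_is422930(SAMPLE_POLICY, USER, GROUPS)` returns True for the group-targeted policy and False once either workaround function has been applied.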
HTMD Admin Account provides news and the latest updates on known issues from the Microsoft world. We cover Windows, Intune, Azure, AVD, and Windows 365 news.