Had you implemented the whitelist workaround described here, or is your Live account working for all connects and reconnects without the additional registry entry?
Fall Creators Update (Version 1709) of Windows 10 breaks Duo for Windows Logon’s support for Microsoft Accounts
I have not edited the registry or made any other changes. The only changes that have occurred are
Windows Updates. The Live account is working for all reconnects and connects, and I receive a Duo prompt each time.
Mind posting a list of the last dozen or so update you received? It’s possible Microsoft hot fixed this and we can figure out where from that information.
Do you still have a local account present on the system that works in addition to the Live account, or is the Live account the only one?
On both systems (the one where I can login and the other where I must reboot to login) I have one Live account and one different local account. Both computers use the same Live account.
On both computers, for the Live Account, I checked to verify that it is using a Live account instead of a local account. I went under Settings->Accounts and there is the option to “Sign in with a local account instead”.
This is a relatively new computer, I only have three Windows Updates on here.
Thanks for clarifying that! I believe in testing we’ve seen that with RS4/RS5 Live accounts work as long as there is still a local account on the system.
We are still actively in communication with Microsoft about the ultimate root cause for issues with the Live credential provider and what mitigation will work for all use cases.
Something changed this week to SOLVE this issue for at least 2 of us - this hasn’t worked for me since October 2017 and just today it started working. I have a different set of recent updates tho from Chuck (KB4345421, KB4338832) but we do have KB4338819 in common. That the fix? Or did something else change here, on the cloud live account side maybe?
Worth a try again if you’ve been watching this issue…And thanks sharing Chuck!
No Joy yet.
I tried deleting the whitelist registry property on two Win 10 machines with the latest updates (including KB4338819) and the Microsoft accounts immediately “disappeared.” Rebooting didn’t help. I’m sure it doesn’t matter, but one is “Windows 10 Home” and the other is “Windows 10 Pro.”
Both machines have local accounts too. (Else getting back in would be a challenge.)
Windows 10 Pro, always up to date.
Something seems to have changed with a recent Win 10 update, but it might be Monday before I can really check it out. On one of the laptops (with the ProviderWhitelist property), a user was challenged by Duo 2FA while logging in to his Microsoft Account.
Hopefully I’ll have something more to report next week when the laptops are available (in the office) again.
Nope. It’s still not working.
There is one user that is able to log in to one laptop with his Microsoft account and get the Duo 2FA challenge. His account is also visible with the ProviderWhitelist property removed. So it is functioning like a local account even though it is not.
I added my own Microsoft account to the laptop and was not able to get it to work.
So still looking for any news from Duo.
We continue to work with Microsoft on this.
If you haven’t already done so, you can contact Microsoft support and attach your org to our existing open case #117121217311532.
It has been over a year since this issue started. Might we see this solved in 2019 - who knows?!
Sadly, I think the answer is “It will be fixed whenever Microsoft fixes it for us”.
For anyone still troubleshooting, try this.
- Create a local account
- Set up duo with that account
- Link local account with the microsoft account.
Even try swapping 2 and 3. This seems to be resolved for me, and I have been trying to figure out why. This variation is all that I have been able to narrow it down to.
For those with existing accounts, try to unlink it from the microsoft account, login and see what happens. Then try to re-link it.
Chuck was right. I am now able to use Duo with Windows 10 and MS Account. I have a local account on Windows 10 machine that is linked to MS Account. Try his suggestions. I’m pretty sure it wll work.
[Mailtrack](https://mailtrack.io?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality5&) 11/26/18, 11:12:20 AM
For those who aren’t familiar with the various accounts when you say “link” the local and Microsoft account is this done at the Windows / PC level or are you linking them both to the same Duo account? Thanks.
When I mention linking the accounts, I mean so on a PC level. After creating your local windows account and establishing the connection with Duo, log into the Microsoft account on the windows account to achieve the desired “Live account” or however it’s called.