User cannot sign in on intune registered machine

ewidjaya · ‎03-27-2023

Hi folks

So I tried to install duo on a windows machine.
the machine is registered on Microsoft MDM (intune).
after the installation, i cannot login.
The way I use to login is either PIN or password through my email address which is initial first name + last name.
Thats also the way i set it up on the admin duo.
But somehow if i check on the log. Duo receive the wrong info. with this format.
first name + lastname.
Anyone how to fix it?
I’m reluctant to add alias on this matter. Not sure how can duo tranlated the user name on windows wrongly.

raphka · ‎03-27-2023

Hi ewidjaya, Welcome to the Duo Community.
Adding an alias of first+last for the user in the Duo Admin Panel is indeed the answer here and will work.
This is the username Windows is sending for Azure authentications and is not caused by an incorrect Duo translation.
I suspect Microsoft have chosen this format to avoid username conflicts with local accounts, but this is just my personal guess as to the reasoning behind the weird username format.
We have documented this in the following article as well:
https://help.duo.com/s/article/3832

ewidjaya · ‎03-28-2023

Hi Raphka
This is really weird.
Since I the machine is AzureAD joined and it uses initial firstname+lastname.
will it creating a custom enterprise app on azureAD fix this issue?

raphka · ‎03-28-2023

Hi Ewidjaya,
No a custom enterprise app in Azure will not resolve this.
The windows machine is reporting the username as first+last to Duo.
Therefore for Duo to be able to perform 2fa for this user, the username first+last must exist in Duo.
As such this username will need to be added as an alias for the user in Duo to resolve the issue.