There is an issue I am running into with a client during for a Hybrid Azure AD Join Autopilot Profile that generates an error "The user name or password is incorrect" after logging in as the user during OOBE. Clicking OK brings the user to the Windows sign-on screen where it shows the device is joined to the domain. After logging in, the device loops back to OOBE sign-in where the same error happens again upon sign in (loops over and over again.) They are using Okta for authentication but this specific test user was switched over to Azure AD. Not sure if Okta could be causing this issue.

​

I've confirmed the following:

• Offline computer object is created in on-prem AD
• The computer object successfully syncs to Azure AD via AD Connect (shows as Hybrid Joined)
• Conditional Access Policies are turned off
• Get-AutoPilotDiagnostics shows no errors - MDM enrollment succeeds, Offline Domain Join succeeds, Sidecar succeeds, Hybrid AADJ device registration succeeds
• dsregcmd /status shows device id Azure AD Joined, Domain Joined
• Device is on internal network and has visibility of DC
• Azure AD Joined Autopilot profiles work successfully with no errors
• Existing device MDM enrollment / Hybrid Join scenarios work with no errors

​

Video demonstration:

https://reddit.com/link/w7vp61/video/ldvwjhrj6rd91/player