Microsoft Teams prompting for Sign-In Daily (Bad SSO) after Endpoint Manager/Intune Registration

In searching for this issue, I see a handful of people asking about it, with answers of varying usefulness. Since I ran into this recently, I figured I’d post my own experience with fixing it.

For me, the problem didn’t actually happen until I started messing with Intune (Endpoint Manager). Once I enrolled my computer and did some other experiments/messing around, suddenly Teams wanted me to sign in every day. In addition, I got the oft-dreaded “Let your organization manage your device” prompt after signing in, which was weird because, well, they’re already managing it. (And by “they” I mean me.) If I let it manage the device, I’d get an error (since it’s already being managed). If I unchecked the box, Teams would sign in, at least until the next day.

I started by going into the Azure AD audit log, looking up the account, and opening the sign-in logs (note that you probably need at least a single Azure AD P1 account in order to see them). In there I saw numerous “Windows Sign-In” failures:

AzureAd Windows Sign-In Failure

Digging into the entry, Azure AD provides this ever-so-helpful info, including error code 50155:

Underneath that section is a link to a troubleshooter, so I figured hey, let’s see what that does. So I ran it, and it basically gave me the same error number and the same exact failure reason. So still stuck at the “WHY” step.

So a little googling later landed me on this page, which actually provides all the right answers in one spot! It states that one reason for a device failing authentication might be that it’s in a “PENDING” state in Azure AD. Sure enough, I looked and it was in fact pending. (Actually I think I had 3 different entries for the same device, but the one which showed as hybrid-joined was pending.)

Following the steps in the article, I went into “Access work or school” and disconnected from Intune (MDM). Next I used dsregcmd /leave to un-join the computer from Azure AD, and after a few minutes that cleared all entries for my device out of the Azure AD devices list. Great! Next I ran dsregcmd /join to rejoin, however I got an error showing “device not found”. Well yeah, I wanna join it, wtf? ANYWAY…I figured it needed me to be hybrid joined first, so I went to my AD Connect instance and did a delta sync, which seemed to do the trick. Once again the computer eventually found itself back in the devices list as “pending”. This time dsregcmd /join worked, and my device entry went from pending to showing a date in the registered column.
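To make the join-state check and the re-registration sequence above reproducible, here is an added PowerShell helper (my own example, not from the article I linked or from Microsoft). It assumes you run it elevated on the affected Windows client, that dsregcmd.exe is present, and that the Start-ADSyncSyncCycle step is run separately on the Azure AD Connect server, where the ADSync module lives.

```powershell
# Added example: parse dsregcmd /status and decide whether the device is
# actually hybrid Azure AD joined before touching anything. Assumes an
# elevated session on the client; the delta sync step runs on the
# AD Connect server, not here.

function Get-DsregStatus {
    # dsregcmd /status prints "   Key : Value" lines; collect them in a hashtable
    $status = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        # key = text before the first colon; value = rest (URLs keep their colons)
        if ($line -match '^\s*([^:|]+?)\s*:\s*(.+?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

function Test-HybridJoinHealthy {
    param([hashtable]$Status)
    # Hybrid join = on-prem domain joined AND Azure AD joined. A device that
    # Azure AD still lists as "pending" typically reports AzureAdJoined : NO.
    return ($Status['DomainJoined'] -eq 'YES' -and $Status['AzureAdJoined'] -eq 'YES')
}

$s = Get-DsregStatus
"DomainJoined  : $($s['DomainJoined'])"
"AzureAdJoined : $($s['AzureAdJoined'])"
"DeviceId      : $($s['DeviceId'])"
"TenantName    : $($s['TenantName'])"

if (Test-HybridJoinHealthy -Status $s) {
    "Device reports as hybrid joined; the daily Teams prompt is probably not a join-state problem."
} else {
    @"
Device is NOT fully hybrid joined. Re-registration sequence from the post:
  1. Settings > Accounts > Access work or school: disconnect the Intune (MDM) entry
  2. dsregcmd.exe /leave   (removes the device from Azure AD; wait until it is gone)
  3. On the Azure AD Connect server: Start-ADSyncSyncCycle -PolicyType Delta
     (the device must reappear in Azure AD as 'pending' before step 4)
  4. dsregcmd.exe /join    (entry should move from pending to a registered date)
  5. Reboot, sign in, verify Teams, then re-enrol in Intune via Access work or school
"@
}
```

Re-run the script after step 4 and a reboot; both DomainJoined and AzureAdJoined should read YES before you re-enrol the device in Intune.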

After all that, I rebooted for good measure, signed in again, and opened Teams. This time it prompts as “continue as (user name)”, so I clicked the button and it signed me in, no password needed. WHEW!

Last but not least, I went back to “Access work or school” and re-joined the MDM. Now, after some time, I see a duplicate entry in Intune for the device (and Azure AD still shows 2 device entries – one I guess is my “old” Intune-related entry, and the new entry appears to be linked to the “new” Intune entry). I’m going to leave things be for a bit to see if the duplicate works itself out, or whether I need to remove the dupe entry myself. I’ll update this article later on with the final results.