Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, May 2, 2019 12:56 PM | 3 votes
I am sharing this finding as it could be helpful for others!
Scenario:
A hybrid Azure AD joined computer fails to install apps from Microsoft Store and gives following annoying error message knowing the use of Microsoft Account was disabled using GPO:
After closing and trying to login, the below error message is displayed:
Research:
I figured out that the service Microsoft Account Sign-in Assistant is disabled on all affected computers which sounds to be normal at first look because of deactivation Microsoft Account use.
However, I changed the start type of that service to Manual then attempt to install app(s) from Microsoft Store. This time I got the below screen where I clicked "No, thanks" and the app installed:
However I noticed that as soon as the service Microsoft Account Sign-in Assistant started, the service start type set to "Disabled" and that is strange to me. On per System event log, the service was disabled by system. After the service stopped, I cycled into the same issue for installing new apps until I change the service start type to manual.
Solution:
By investigating, I figured out that the use of AllowMicrosoftAccountSignInAssistant was disabled and which caused the service to be disabled upon start-up by itself (I guess).
By changing the value of AllowMicrosoftAccountSignInAssistant from 0 to 1 in the below registry location and setting the service Microsoft Account Sign-in Assistant start type to manual, all started to work as expected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Accounts
By reviewing all GPO settings in place, we could not find the setup the registry key so not sure where it comes from!
Programmatic Solution:
Open cmd with elevated permission on the affected computer then execute below two commands to resolve the issue:
reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Accounts" /v AllowMicrosoftAccountSignInAssistant /t REG_DWORD /d 1 /f
sc config wlidsvc start= demand
Hope this information would help others in the same situation!
All replies (4)
Friday, May 10, 2019 9:00 AM
Thank you sooooooooooooooooo much !!!
This problem had been driving me crazy for months !!!!!!
You're the boss...
Wednesday, December 11, 2019 8:07 PM
This did not resolve the issue for me. We continue to get the PUR-Authentication error and it now loops.
Thursday, December 12, 2019 6:42 AM
Make sure that the use of Microsoft Account is not blocked using LPO or GPO:
/en-us/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts
Or
https://www.top-password.com/blog/block-or-disable-microsoft-account-in-windows-10-8/
Wednesday, May 20, 2020 6:16 PM
Thank you man! Very helpful!