Boot and Personal Key Files are not available when a new Azure AD user logs in using a PIN, where the Package defines that the user is required to change the initial password. The user account is synchronized from Azure AD.
Scenario:
1. An existing client device was joined to Azure AD. A SecureDoc Installation Package was then deployed whose profile's Windows Account options specified that both a Pre-Boot and a Windows-level Key File would be added to any device, and that a PIN would be used to authenticate.
2. In Azure AD, a new user was defined, e.g. '[email protected]'.
3. Perform an ADSync against Azure AD. The new Azure AD user is then added to SES.
4. On the client, sign out of Windows for the currently logged-in user account, then sign in to Windows with the new AAD user, e.g. '[email protected]'.
5. Use Microsoft Authenticator to complete this user's authentication, then change this user's initial password.
6. Set a PIN.
This user will then be successfully logged in to the Windows desktop.
Issue: Instead of confirmation that SecureDoc Enterprise Server has sent down new Boot and Windows Key Files for this user account to the device, error messages appear stating that both the Boot Key File and the Windows Key File are unavailable.
Resolution: Reboot the device; this user will then be able to log in to it successfully. Upon the first successful login following the reboot, messages will appear indicating that the Boot and Windows Key Files have been added to the device.