Cannot Log In to Windows on AAD Joined Devices via Okta Federation

If your Azure AD tenant is federated to Okta, Windows 10 devices that are purely Azure AD joined (no on-premises domain) may not be able to sign in to Windows at all. The logon screen reports that the username or password is incorrect, even though the credentials are correct.

Some searching shows that the Windows logon path requires WS-Trust. By default Okta only allows modern authentication for the Office 365 app, while the Windows logon provider authenticates with WS-Trust, a legacy protocol that sends the username and password directly to the identity provider. Okta rejects that request, Windows reports it as a bad password, and the user cannot log in.

The fix is to add Windows-AzureAD-Authentication-Provider/1.0 to the Custom user agent strings in the sign-on settings of your Okta Office 365 app, so that this client is permitted to use legacy (WS-Trust) authentication. Keep in mind that this is an allowlist keyed on a user-agent string, which any client can present, so add only the exact strings you need and review the legacy authentication sign-on policy for the app at the same time.

https://www.okta.com/sites/default/files/2020-09/Okta-for-Hybrid-AAD-Join.pdf
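As an added diagnostic, not code from the post or from Okta, the script below reproduces the active WS-Trust request that the Windows logon provider sends, tagged with the same User-Agent, so you can check from any machine whether the identity provider returns a SAML token or a SOAP fault. The STS endpoint URL, the UPN, and the two sample responses are assumptions constructed for the example; for a real check, the active WS-Trust endpoint of a federated domain is (as far as I know) the STSAuthURL value returned by https://login.microsoftonline.com/GetUserRealm.srf?login=<upn>&xml=1, and you should use a test account's credentials.

```python
"""Probe whether a federated IdP accepts the WS-Trust logon that Windows sends.

Added diagnostic; endpoint, UPN and sample responses are assumptions, not values
from the original post or from Okta's documentation.
"""
import datetime
import getpass
import sys
import urllib.error
import urllib.request
import uuid
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# User-Agent presented by the Windows Azure AD logon provider (named in the post).
WINDOWS_LOGON_UA = "Windows-AzureAD-Authentication-Provider/1.0"
# Relying-party identifier Azure AD uses in AppliesTo for federated active auth.
AZURE_AD_APPLIES_TO = "urn:federation:MicrosoftOnline"


def build_rst(upn: str, password: str, sts_url: str) -> bytes:
    """Build a WS-Trust 1.3 RequestSecurityToken (Issue) carrying a UsernameToken,
    the shape of the active (non-browser) request the Windows logon path makes."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    now = datetime.datetime.now(datetime.timezone.utc)
    created = now.strftime(fmt)
    expires = (now + datetime.timedelta(minutes=10)).strftime(fmt)
    return f"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
    xmlns:a="http://www.w3.org/2005/08/addressing"
    xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
    <a:MessageID>urn:uuid:{uuid.uuid4()}</a:MessageID>
    <a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo>
    <a:To s:mustUnderstand="1">{escape(sts_url)}</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0"><u:Created>{created}</u:Created><u:Expires>{expires}</u:Expires></u:Timestamp>
      <o:UsernameToken u:Id="uuid-{uuid.uuid4()}">
        <o:Username>{escape(upn)}</o:Username>
        <o:Password>{escape(password)}</o:Password>
      </o:UsernameToken>
    </o:Security>
  </s:Header>
  <s:Body>
    <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <a:EndpointReference><a:Address>{AZURE_AD_APPLIES_TO}</a:Address></a:EndpointReference>
      </wsp:AppliesTo>
      <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
      <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
    </trust:RequestSecurityToken>
  </s:Body>
</s:Envelope>""".encode()


def _local(tag: str) -> str:
    """Strip the namespace from an ElementTree tag so namespace prefixes do not matter."""
    return tag.rsplit("}", 1)[-1]


def classify_response(body: bytes) -> dict:
    """Return {'status': 'token'|'fault'|'unknown', 'detail': ...} for a WS-Trust reply."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return {"status": "unknown", "detail": f"not XML: {exc}"}
    for el in root.iter():  # a SAML assertion anywhere in the body means the IdP issued a token
        if _local(el.tag) == "Assertion":
            return {"status": "token", "detail": el.get("AssertionID") or el.get("ID") or ""}
    for el in root.iter():  # SOAP 1.2 faults carry Reason/Text, SOAP 1.1 faults carry faultstring
        if _local(el.tag) == "Fault":
            for sub in el.iter():
                if _local(sub.tag) in ("Text", "faultstring") and sub.text:
                    return {"status": "fault", "detail": sub.text.strip()}
            return {"status": "fault", "detail": ""}
    return {"status": "unknown", "detail": "no Assertion or Fault in response"}


def probe(upn: str, password: str, sts_url: str,
          user_agent: str = WINDOWS_LOGON_UA, timeout: int = 15) -> dict:
    """POST the RST to the STS with the given User-Agent and classify the reply."""
    req = urllib.request.Request(
        sts_url, data=build_rst(upn, password, sts_url), method="POST",
        headers={"Content-Type": "application/soap+xml; charset=utf-8",
                 "User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        body = err.read()  # WS-Trust faults usually arrive as HTTP 500 with a SOAP body
    return classify_response(body)


# Constructed sample replies (assumptions, not captured from Okta) for offline checks.
SAMPLE_FAULT = (b'<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body><s:Fault>'
                b'<s:Code><s:Value>s:Sender</s:Value></s:Code><s:Reason>'
                b'<s:Text xml:lang="en-US">Authentication failed</s:Text></s:Reason>'
                b'</s:Fault></s:Body></s:Envelope>')
SAMPLE_TOKEN = (b'<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body>'
                b'<t:RequestSecurityTokenResponse xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">'
                b'<t:RequestedSecurityToken><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" '
                b'AssertionID="_abc123" MajorVersion="1" MinorVersion="1"/></t:RequestedSecurityToken>'
                b'</t:RequestSecurityTokenResponse></s:Body></s:Envelope>')


if __name__ == "__main__":
    # usage: python probe.py <upn> <sts_url>   (password is prompted)
    upn, sts_url = sys.argv[1], sys.argv[2]
    pw = getpass.getpass(f"Password for {upn}: ")
    for ua in (WINDOWS_LOGON_UA, "Mozilla/5.0 generic-client"):
        print(ua, "->", probe(upn, pw, sts_url, user_agent=ua))
```

Run it once before and once after changing the Okta setting: if the Windows user agent gets a token while the generic one still faults, the allowlist is doing exactly what the fix describes, and the Windows logon should succeed; if both still fault with an authentication error, the Okta change has not taken effect or the credentials are wrong.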
