It looks like there is a bug in Windows 10 / Server 2016 where it automatically tries to register as a device with Azure for some reason.
Not a lot of info out there on it.
It’s related to a scheduled task. If you disable the task, logins through Server 2016 and your Windows10 VDI will work again.
The Scheduled Task “Automatic-Device-Join” is located in: Task Scheduler Library\Microsoft\Windows\Workplace Join.
The task calls %SystemRoot%\System32\dsregcmd.exe.
The work-around is disable the task or configure the GPO Computer Configuration > Administrative Templates > Windows Components > Device Registration.
Help text from the GPO:
This setting lets you configure how domain joined computers become registered as devices. When you enable this setting, domain joined computers automatically and silently get registered as devices with Azure Active Directory. Note: Additional requirements may apply on certain Windows SKUs. Refer to Azure Active Directory Device Registration Overview. http://go.microsoft.com/fwlink/?LinkId=307136