SSO doesn't work on AZURE AD registered PC

Question

The MS documents state that SSO to cloud resource is a feature of Azure AD registered device. I did the registration and could see the status on the Azure AD portal. However, when I sign-in to the cloud resource, I seemed to have to sign-in individually (Outlook, Onedrive and etc) instead of having the SSO experience. When I checked the device status using dsregcmd, I could see that it is workplacejoined under user state and no in the SSO state.

AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO

Answer 1

Thanks for the reply.

The web SSO is working as they are all in the same browser. However, not with the desktop clients as I mentioned.

The PC is Azure AD registered not Azure AD joined and it is Windows 10. I read that all 3 types of devices all support SSO on cloud resources (Azure AD join, Hybrid Azure AD join and Azure AD registered). On the Azure Portal, the device is list as Azure AD registered.
https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-register

The device is indeed showing workplacejoined: yes in dsregcmd.

Answer 2

Hi,

In case of Azure AD registered devices AzureAdPrt value will be set to No.

Make sure the device has a certificate issued from MS-organization-Access under Certificates > Personal. And Event viewer logs on the affected machine are showing success. You can check event viewer logs under "Applications and Services logs > Microsoft > Windows > User Device Registration".

If you want to test SSO on Azure AD registered device, please open Edge browser and test with either portal.azure.com or portal.office.com.

Regards
Amit Kumar