Thanks for the reply.
The web SSO is working as they are all in the same browser. However, not with the desktop clients as I mentioned.
The PC is Azure AD registered not Azure AD joined and it is Windows 10. I read that all 3 types of devices all support SSO on cloud resources (Azure AD join, Hybrid Azure AD join and Azure AD registered). On the Azure Portal, the device is list as Azure AD registered.
https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-register
The device is indeed showing workplacejoined: yes in dsregcmd.