Sign in issues

Question

I have some users that I can't get SSO to work for sites like Office.com. We are using a full Azure AD setup and this feature works on most users. I have looked through documentation on this and I am finding that it refers me to Azure AD Connect which from my understanding is for hybrid setups. Is there a way to refresh the SSO for a user without completely reimaging the machine?

Answer 1

Hello, as you mention Azure AD Connect is intended for Hybrid scenarios. Azure AD SSO should work out of the box in browsers unless cookies are being blocked. This because Azure AD session is stored in cookies. Ensure the former is not the case.

There's no need to re-imaging a device for SSO to work.

Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

Answer 2

There are two things to check:

1) If you enforce it user-by-user you will want to see what they have been set too in MFA Options (legacy per-user MFA):

Enable per-user Azure AD Multi-Factor Authentication to secure sign-in events

https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

2) If you are doing it via Conditional Access Policy, check your Users and Groups that you apply it to and whether you are excluding anyone from the policy.

Common Conditional Access policy: Require MFA for all users

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa

---

If this is helpful please accept answer.