Share via

Are we able to get the value of PRT to pass to another sevice after registering the device?

Livia Halim 0 Reputation points
2023-08-25T23:03:51.5566667+00:00

Hi there,

I have recently registered my device using this article: https://support.microsoft.com/en-us/account-billing/register-your-personal-device-on-your-work-or-school-network-8803dd61-a613-45e3-ae6c-bd1ab25bf8a8.

My SSO state upon running dsregcmd /status shows AzureADPrt: NO, and I came across this article that confirms that it is expected https://stackoverflow.com/questions/55135114/can-we-get-prtprimary-refresh-token-with-azure-ad-registered-not-joined

I need to be able to pass the PRT to a different service. So my questions are:

  1. Is registering enough to get a PRT?
  2. Can we view and grab the value of PRT to pass to another service? IF so, are you able to provide an article on how to do that?

I can't seem to find an article to do so

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-08-30T01:20:09.1033333+00:00

    Hello @Livia Halim , an Azure AD PRT is issued in Azure AD registered Windows devices after a second work account is added. The dsregcmd SSO state should be ignored for Azure AD registered devices. Azure AD PRT are meant to be handled by authentication brokers and not by users. The later is discouraged.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.