Share via

Seamless SSO vs PRT SSO

Ajay Kumar 30 Reputation points
2023-09-20T07:51:36.48+00:00

Dear All,

I'm in process of enabling the seamless SSO through AAD connect. While getting ready for enabling seamless SSO across all devices, I came across with MS article below that talk about PRT SSO take precedence over seamless SSO when devices are AAD joined and win10 later.

My question is if SSO can be possible through PRT across all supported devices then do I need to enable SSO via Azure AD connect or configure the GPO to enable seamless SSO?

Note: - I don't have legacy windows client such as win7 & 8

MS Article: - https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-sso

Thanks,

Ajay

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Answer accepted by question author
  1. Domooney-MSFT 2,606 Reputation points Microsoft Employee Moderator
    2023-09-20T10:17:54.5133333+00:00

    Hi @Ajay Kumar

    Thank you for posting your query on Microsoft Q&A.

    If your users devices are Win 10 or Win 11 and Azure AD joined, they will not benefit from enabling Seamless SSO. SSO should already be happening with a PRT.

    If SSO is not happening for some reason on these devices via a PRT then it would be beneficial to troubleshoot that rather than enabling Seamless SSO.

    You can confirm a user/device has a PRT by running the following command in a CMD prompt "dsregcmd /status". We have some details on this here - https://learn.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-device-dsregcmd#sso-state

    Do let me know if you have any further questions, I would be happy to help!

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.