@Jaganathan Krishnan
Thank you for posting this in Microsoft Q&A.
As I understand it, you have a device which is joined to Tenant A and you want to access resources in Tenant B using SSO.
SSO works between applications in a single tenant and not between multiple tenants. This is because user accounts and sessions can be shared only within a tenant.
Sharing tokens between multiple tenants is not security compliant.
Device join can only happen in one tenant. When you register a device, it creates a device object in Azure and maps this to the user account. If you want to join a machine to a different tenant, you need to disconnect from the first tenant and register again with the new tenant.
Whenever a new device is registered, a token is issued. Now, when the user tries to access any resource specific to the same tenant, the token is shared and the user gets access to the resource.
If the token is invalid, then access is not granted. Now, when a user from Tenant A tries to access a resource from Tenant B, the token is invalidated and SSO fails.
Currently there is no option where a user on a device joined to Tenant A can access resources from Tenant B using SSO.
However, you can submit feedback in the Azure feedback portal. This portal is directly monitored by our PMs, and they can share any update they have regarding this.
https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
Let us know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.