This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 47%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
I am using Microsoft Entra ID Cloud Sync to synchronize user accounts from three organizational units with EntraID. The password and other parameters are correctly synced from on-premises to Entra ID. However, devices are not synchronized from on-premises to the cloud as I am using Microsoft Entra ID Cloud Sync and not Microsoft Entra Connect Sync. The Windows Servers are running on Windows Server 2016, and all users have Microsoft 365 Business Standard licenses, which prevents hybrid device enrollment.
I aim to enable seamless SSO for Windows users to access Microsoft Teams, Office 365, and other portals like portal.microsoft.com without needing to enter their usernames or passwords. I have enabled SSO on Entra Cloud Sync using the procedure from Microsoft's documentation and verified its status via PowerShell and the Azure portal. The computer account AZUREADSSOACC was created correctly, and I have also created the necessary GPO (https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sso-quick-start).
Despite these steps, seamless SSO is not working on my test workstation, which is domain-joined and running Windows 11. Users are still prompted for their usernames and passwords. The klist command does not list the AZUREADSSOACC server. The device has a direct connection to the domain controllers. The GPOS has been rolled out to the user. The device's time is synchronized with the time in both Active Directory and the domain controllers. The account AZUREADSSOACC is enabled and present in the Active Directory. The klist get AZUREADSSOACC works and add the AZUREADSSOACC in the klist command but SSO still doesn not work.
Did I do something wrong ? Does Microsoft Entra hybrid joined devices is required when using Microsoft Entra ID Cloud Sync ?
To achieve seamless Single Sign-On (SSO) without requiring manual intervention from end-users, I had to follow these steps:
By implementing this approach, end-users will experience seamless access to organizational resources and services without any additional configuration steps on their part.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 35%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXQ%3C/text%3E%3C/svg%3E)
Hi, @Jeoffrey NGO
Looks like the issue is more related to Microsoft Entra ID. Please kindly understand that the Microsoft Exchange Hybrid Management tag here we mainly focus on general issues about Exchange. In order to better solve your problem, I will add “Microsoft Entra ID” for you. Thank you for your support and understanding!
That feature is not even needed for your version of Windows:
I would recommend you disable the seamless SSO feature in Entra connect as its a security concern.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 68%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
Hi @Jeoffrey NGO ,
Thank you for posting your query on Microsoft Q&A. I am Saiteja from Q&A will be following you with your query.
I see @Andy David - MVP has already provided you the information on seamless SSO. Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Hi @Jeoffrey NGO ,
Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.