Seamless SSO and Azure MFA

DT_Support 21 Reputation points
2020-05-22T16:25:56.68+00:00

Hello,

We are testing staged Seamless SSO. It appears to be passing through our passwords just fine, but we are getting MFA'ed when accessing any O365 resource. We have a conditional access rule set up and our local network IPs are added to the trusted locations list, but it does not appear to be working. As soon as I remove my account from the group we are testing Seamless SSO with, we no longer see the MFA prompt from an on-premises domain-joined machine.

If I test Seamless SSO and turn off the conditional access rule for MFA, it passes everything right through. Is there something with Seamless SSO and Azure MFA that isn't supported, or is this the expected result? Microsoft said Seamless SSO is still in preview, so I am curious if anyone else can share their experience.

We are looking to move from on-prem ADFS to Azure Cloud Auth with Password Hash and Seamless SSO.

Appreciate any feedback or help.


1 answer

  1. Jai Verma 461 Reputation points
    2020-05-22T17:48:05.677+00:00

    Do you mean a Hybrid AADJ machine? Did you check if your machine is HAADJ and if the user has a valid PRT? Run the command below to check if your user has a PRT:

    dsregcmd /status

    AzurePRT: Yes <<<<<<This should be yes.

    Also check the sign-in logs to see what policy and control is applying and why.

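The check suggested in the answer above can be scripted. The following is an added example, not part of the original thread: the function name `Get-DsregState` and the sample output are constructed for illustration, and it assumes the field names `AzureAdJoined`, `DomainJoined` and `AzureAdPrt` that `dsregcmd /status` prints on current Windows builds.

```powershell
# Added example: summarise hybrid-join and PRT state from `dsregcmd /status`.
# Run it in the signed-in user's own session, because the PRT is per user.
function Get-DsregState {
    param(
        # Raw output lines; defaults to running dsregcmd on the local machine.
        [string[]]$Lines = (dsregcmd.exe /status)
    )
    $state = @{}
    foreach ($line in $Lines) {
        # Data lines look like "   AzureAdPrt : YES"; section banners do not match.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $aadJoined    = $state['AzureAdJoined'] -eq 'YES'
    $domainJoined = $state['DomainJoined']  -eq 'YES'
    $hasPrt       = $state['AzureAdPrt']    -eq 'YES'
    [pscustomobject]@{
        AzureAdJoined = $aadJoined
        DomainJoined  = $domainJoined
        HybridJoined  = $aadJoined -and $domainJoined   # "HAADJ" in the answer
        HasPrt        = $hasPrt
        PrtUpdateTime = $state['AzureAdPrtUpdateTime']
        PrtExpiryTime = $state['AzureAdPrtExpiryTime']
        # The case the answer asks you to rule out: joined device, no user PRT.
        NeedsAttention = ($aadJoined -and $domainJoined) -and -not $hasPrt
    }
}

# Constructed sample output (not captured from a real machine) for an offline run.
$sample = @(
    '+----------------------------------------------------------------------+'
    '| Device State                                                         |'
    '+----------------------------------------------------------------------+'
    '             AzureAdJoined : YES'
    '              DomainJoined : YES'
    '+----------------------------------------------------------------------+'
    '| SSO State                                                            |'
    '+----------------------------------------------------------------------+'
    '                AzureAdPrt : NO'
)
Get-DsregState -Lines $sample | Format-List   # HybridJoined True, HasPrt False
# On a real workstation, call it with no arguments: Get-DsregState
```

Compare the result with the sign-in log entry for the same user and time to see which conditional access policy and control were applied.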