This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We are trying to use conditional access policies to force users to use Multifactor Authentication if they are on a device that is not Hybrid Azure AD Joined. This policy works fine for Outlook, Teams, etc. However, when logging into OWA, SharePoint Online sites, or other web apps using either Chrome (with the Windows 10 Accounts extension) or on Chromium Edge, users are still prompted for MFA.
What's most interesting is that, when using these browsers, the Azure Sign-In log shows no Device ID, despite the fact that the device is joined as a Hybrid Azure AD device, and the full applications do show the Device ID.
Has anyone encountered and resolved this issue?
This issue is, seemingly, resolved. We found that logging out of all Edge profiles, then only logging in with the user's O365/Azure account (with their e-mail address) and enabling sync seems to fix this.
@Covalt, Jonathan G Can you make sure that the device on which users are prompted for MFA even they are Hybrid AAD Joined, are logged into the browser profile.
Hybrid AADJ should login the user automatically, and if that is not happening for some reason, this is expected.
Read more here
If you see that the user is properly signed in, you might need to work with support to investigate further.
The user account is definitely logged into the browser. I even tried to log out of the browser and log back in, with the same result.
I've attached a picture to show what's happening. You can see this is a browser login using Edge, but there's no Device ID listed. Everything I can find from Microsoft says that this should be passed by Edge into Azure when logging in, but it's just not working.
At my company we are also seeing the exact same issue on a few devices (the majority of them are ok). Did you happen to get a resolution for this?
Yeah, if there are any other profiles logged in with Edge, it sometimes randomly defaults to the other profiles, in which case it won't pass computer information; you have to log out of all user profiles in Edge specifically, then just log in with the users' work account.
With Chrome, you just need to make sure you have the Windows 10 Accounts extension installed; this causes Chrome to pass the data into Azure.