Hi, this article https://docs.microsoft.com/en-us/azure/active-directory/devices/azuread-join-sso#next-steps pretty clearly states that SSO is possible for an AAD connected device/user to on premise resources as long as there is a "line of sight" to local DC's....
Specifically the line
Azure AD joined devices have no knowledge about your on-premises AD environment because they aren't joined to it. However, you can provide additional information about your on-premises AD to these devices with Azure AD Connect.
The document then proceeds to give no further detail or links on how to actually achieve that. The article it links to at the end refers back to this article, creating a wonderful loop while providing no useful information.
Does anyone have any information on what changes to AADConnect are required in order to get SSO for AAD devices back to on-premise resources?