I have found a couple questions about this, but not really an answer. I am trying to get SSO working. We had a pre-2017 setup of AAD, but I enabled modern authentication already.
We setup AAD Connect with HASH.
I have gone through the troubleshooting steps here https://learn.microsoft.com/.../hybrid/tshoot-connect-sso... and one thing I am not sure of is where it says to look for the AZUREADSSOACC entry when running klist. I don't see that mentioned, just the local @*.com entries.
I have verified in AAD SSO is on, purged the Kerberos tickets, removed and re-added the SSO service in AAD Connect, verified the site entry https://autologon.microsoftazuread-sso.com and Allow updates to status bar via script where pushed by GP by looking in Internet Options in Control Panel. If I try to though go to say outlook.office365.com or such in private mode in Edge Chromium, it asks for the password still.
The only thing I wonder about is that the SSO in AAD says the server is *.local, not *.net that is our URL. Someone else on here a while back mentioned this, but looks like that wasn't the issue, but they never actually replied if what they had found about and extension (Chrome) resolved the issue, so not sure if that could be causing an issue?