Configuring PRT for hybrid joined Azure AD SSO

Lewis Neale 1 Reputation point

Hi All,

Im hoping someone can help me or at least give me some guidance on how to use/configure SSO with CloudAP using PRT.

I have looked online at Microsofts documentation, it explains what it is and what it does but i cant find anywhere how to set it up and configure. All i can find is troubleshooting it....but i need to set it up first!

I have hybrid joined Azure AD assets which are synced with Azure AD connect.

Running 'dsregcmd /status' on one of the assets i can see: -

Device state

AzureADJoined : YES


AzureAdPRT : NO

My question is, how do i get 'AzureAdPRT : YES' ?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,105 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Givary-MSFT 29,351 Reputation points Microsoft Employee

    @Lewis Neale

    Apologies for the delay in answering this query. From the issue details i see you are not able to see the Primary refresh token ( PRT ) on the client devices.

    You can refer to this article which talks about the detailed troubleshooting steps can be performed based on the output of dsregcmd /status command.

    Let me know if you come across any issues following the above articles while troubleshooting the PRT issue on the device, will be happy to assist you offline.

    Please remember to "Accept Answer" if answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments