We are starting to deploy Hybrid AAD Joined devices (because our environment asks for it and we are not ready to be full AAD yet).
This new change is not a pleasing one really, as it breaks the usual seamless user login flow HAADJ offers.
With this change, when a new user logs in (with AD), a PRT is correctly issued but MS apps (most notably New Teams) will not seamlessly carry on with SSO. AAD events show so many AADSTS9002341 errors for each of these apps because it expects the user to "Permit SSO". The end-user first login experience is not great: we have to use other apps (like Office UWP Hub) so users are asked to select their account and accept the SSO.
Not great. The purpose of HAADJ (and I guess it is the same for AADJ) is to have a seamless experience. I don't want users to think which account is which.
Any plans to offer a way to bypass this on a tenant-level?
What are you people doing to seamlessly log your users in on a HAADJ device following this change? Are you launching a UWP app at login or something else? For sure we cannot use New Teams, it asks for an account (like the text box is blank, Teams does not even recognize the Windows account).
Thanks.