Forum Discussion
roysm68
Jun 17, 2021Copper Contributor
Hybrid-AD joined devices are being blocked
Hi. We already enforce MFA access to O365 using conditional access but we want to prevent users accessing O365 from non-company devices. We have set a conditional access policy to block access using ...
roysm68
Copper Contributor
Hi guys
I have gone through the troubleshooting and everything appears to check out. Dsregcmd /status does not show any issues. The device is listed as enabled and "Hybrid Azure AD Joined" in the AAD portal.
If I use IE or Edge, the AAD logs show the device ID. We also have the Office client apps installed, but when I open up Outlook, Teams or Word they do not prompt for MFA but open up fine. However, I do not see any AAD sign-in logs, either interactive or non-interactive, for these apps. If I use dsregtool or test-deviceregconnectivity, I can see the logs for these authentications and the Device ID is logged.
So, I need to understand why Outlook, Teams etc. do not show up in the AAD logs and then confirm whether these apps are sending the PRT or not.
Any suggestions?
Thanks
Roy
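The post above relies on reading `dsregcmd /status` by eye to confirm the device is Hybrid Azure AD joined and holds a Primary Refresh Token (PRT), which is what the Office apps need to present device identity to a device-based conditional access policy. The script below is an added example, not code from the poster or from Microsoft: it runs `dsregcmd /status`, parses its `Key : Value` lines, and reports the join state and PRT presence so the check can be repeated on several machines. It assumes Windows 10/11 with `dsregcmd.exe` available and uses the field names that tool prints (`DomainJoined`, `AzureAdJoined`, `AzureAdPrt`, `AzureAdPrtUpdateTime`); the function names are this example's own.

```powershell
# Added example (not from the forum post): parse `dsregcmd /status` to confirm
# the device is Hybrid Azure AD joined and currently holds a PRT.
# Assumes dsregcmd.exe is on the PATH; run it in the affected user's own
# (non-elevated) session so the SSO State section reflects that user's PRT.

function Get-DsregStatus {
    # Run dsregcmd and turn every "Key : Value" line into a hashtable entry.
    $output = & dsregcmd.exe /status 2>&1
    $state = @{}
    foreach ($line in $output) {
        # Lazy key match so values containing colons (timestamps, URLs) stay intact.
        if ($line -match '^\s*([A-Za-z0-9 _]+?)\s*:\s*(.+?)\s*$') {
            $key = $matches[1].Trim()
            # Keep the first occurrence; later sections may repeat a key name.
            if (-not $state.ContainsKey($key)) { $state[$key] = $matches[2] }
        }
    }
    return $state
}

function Test-HybridJoinAndPrt {
    param([hashtable]$State)
    $result = [ordered]@{
        DomainJoined  = ($State['DomainJoined']  -eq 'YES')
        AzureAdJoined = ($State['AzureAdJoined'] -eq 'YES')
        AzureAdPrt    = ($State['AzureAdPrt']    -eq 'YES')
        PrtUpdateTime = $State['AzureAdPrtUpdateTime']
    }
    # Hybrid join = on-prem domain joined AND registered in Azure AD.
    $result.HybridJoined = $result.DomainJoined -and $result.AzureAdJoined
    # Without a PRT the client cannot prove device identity, so a
    # device-based conditional access policy will block it.
    $result.CanSatisfyDevicePolicy = $result.HybridJoined -and $result.AzureAdPrt
    return [pscustomobject]$result
}

$status = Get-DsregStatus
$check  = Test-HybridJoinAndPrt -State $status
$check | Format-List

if (-not $check.HybridJoined) {
    Write-Warning "Device is not Hybrid Azure AD joined (DomainJoined/AzureAdJoined not both YES)."
}
if (-not $check.AzureAdPrt) {
    Write-Warning "No PRT present (AzureAdPrt is not YES); check the SSO State section of dsregcmd /status."
}
```

A device that reports `HybridJoined` true but `AzureAdPrt` false explains exactly the symptom in the thread: browser sign-ins may still carry a device ID through other means while the Office apps silently fail to present device identity. Comparing `PrtUpdateTime` against the time of the blocked sign-in also shows whether the PRT was stale when the policy was evaluated.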
Thijs Lecomte
Jul 13, 2021Bronze Contributor
Have you enabled modern authentication in your tenant?