Himanshu Singh
Iron Contributor
Jan 24, 2022

MFA Behaviour on Azure AD Hybrid OR Registered Devices

Hello,

It is observed that after changing the password in on-premises AD, a PRT was not issued (kept checking using DsRegCmd) for almost 2 days. However, at the same time access is/was not restricted or blocked to any M/O365 resource due to the missing PRT, which is strange. Is this behaviour known already?

A Hybrid Windows 10 device being used by a user for whom a CA policy is enforced (if the user is using a Windows device then it must be Hybrid) has no relation with the PRT - correct?

As long as the user is using a browser and is signed in (via the extension in case of Chrome/Firefox), access is granted, as both browsers support user sign-in in Incognito / InPrivate mode.

I need to find out a way to allow users to sign in in these browser modes as smoothly as possible, or rather how shared PC scenarios are being managed when AAD and hybrid device usage is mandatory via CA policy.

  1. Upon closing of the browser, auto sign-out should happen.

  2. Another thing is that the CA policy will be applied to all users, and when this policy is active no user can sign in to the browser/extension. This policy has to be disabled first; only then will the user be able to set up sign-in in Incognito / InPrivate mode.

  3. But the problem still remains: what will happen when the user changes the PC?

BR,

/HS
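
To make the "kept checking using DsRegCmd" step repeatable, here is an added example (not from the original post, and not a Microsoft tool) that parses `dsregcmd /status` output and flags a Hybrid-joined device that has no PRT. It assumes the field names dsregcmd prints on Windows 10 (AzureAdJoined, DomainJoined, AzureAdPrt, AzureAdPrtUpdateTime) and uses a constructed sample so it runs offline.

```powershell
# Added example (not from the original post): parse `dsregcmd /status` output
# and report the Hybrid Azure AD join state and whether a PRT is present.
# Assumes the field names dsregcmd prints on Windows 10 (AzureAdJoined,
# DomainJoined, AzureAdPrt, AzureAdPrtUpdateTime).
function Get-DsRegState {
    param([string[]]$StatusLines)
    $fields = @{}
    foreach ($line in $StatusLines) {
        # dsregcmd prints "Key : Value" pairs; banners and section headers have no key
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $prtUpdated = $null
    $ageHours   = $null
    if ($fields['AzureAdPrtUpdateTime']) {
        # Timestamp is printed as "yyyy-MM-dd HH:mm:ss.fff UTC"
        $prtUpdated = [datetime]::ParseExact($fields['AzureAdPrtUpdateTime'],
            'yyyy-MM-dd HH:mm:ss.fff UTC', [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal')
        $ageHours = [math]::Round(((Get-Date).ToUniversalTime() - $prtUpdated).TotalHours, 1)
    }
    [pscustomobject]@{
        HybridJoined  = ($fields['AzureAdJoined'] -eq 'YES' -and $fields['DomainJoined'] -eq 'YES')
        HasPrt        = ($fields['AzureAdPrt'] -eq 'YES')
        PrtUpdatedUtc = $prtUpdated
        PrtAgeHours   = $ageHours
    }
}

# Constructed sample output, trimmed to the relevant fields, so the script runs offline.
# On a real device: Get-DsRegState -StatusLines (dsregcmd /status)
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : YES
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : NO
'@ -split "`r?`n"

$state = Get-DsRegState -StatusLines $sample
if ($state.HybridJoined -and -not $state.HasPrt) {
    # Device-based CA (Require Hybrid Azure AD joined device) relies on the device claims carried by the PRT
    Write-Warning 'Hybrid joined but no PRT: device-based Conditional Access will not be satisfied.'
}
$state
```

Running it periodically after a password change and logging PrtAgeHours shows how long the device went without a fresh PRT, which is the evidence to attach when raising the behaviour with support.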
