Forum Discussion
CUrti300
Sep 24, 2020 Copper Contributor
Azure AD SSO still prompts for password while on a domain joined computer
Hey, I was wondering if anyone has run into a similar issue to the one we are running into here. While testing with a browser we are getting prompted for a password while on a domain joined computer W...
CUrti300
Oct 19, 2020 Copper Contributor
I wanted to give an update - I did end up fixing this.
I think the Decryption/Encryption Key that is stored in Azure AD was using the RC4_HMAC_MD5 cipher, which explains why we are seeing a 403, since we are sending a ticket over with AES encryption. We haven't rolled it over since 4/2019.
- I believe, according to the comments, this was recently updated to support the other ciphers - https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/36121711-add-support-for-kerberos-aes-and-drop-rc4-hmac-md5
So after we rolled over the key this weekend (which I know is recommended every 30 days), Seamless Single Sign-On started working. I'm not sure if this had anything to do with it being past the 30 days, but I've marked it on my calendar to see if it still works after 30 days.
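
To check for the two conditions discussed in this thread (an RC4-only Kerberos key and a key older than the 30-day rollover interval), the following added example, which is not part of the original posts, audits the on-premises Seamless SSO computer account. It assumes the ActiveDirectory RSAT module, the default account name `AZUREADSSOACC` (not stated in the thread), and that a key rollover resets that account's password timestamp.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

$AccountName   = 'AZUREADSSOACC'  # assumption: default Seamless SSO computer account name
$MaxKeyAgeDays = 30               # rollover interval mentioned in the post

# Bit flags of the msDS-SupportedEncryptionTypes attribute
$EncFlags = [ordered]@{
    DES_CBC_CRC             = 0x01
    DES_CBC_MD5             = 0x02
    RC4_HMAC_MD5            = 0x04
    AES128_CTS_HMAC_SHA1_96 = 0x08
    AES256_CTS_HMAC_SHA1_96 = 0x10
}

function Get-EncTypeName {
    param([int]$Value)
    # Return the name of every flag that is set in $Value
    $EncFlags.GetEnumerator() |
        Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }
}

$acct = Get-ADComputer -Identity $AccountName `
    -Properties PasswordLastSet, 'msDS-SupportedEncryptionTypes'

$encValue = [int]$acct.'msDS-SupportedEncryptionTypes'  # $null casts to 0 (attribute not set)
$hasAes   = ($encValue -band 0x18) -ne 0                # AES128 or AES256 bit present
$hasRc4   = ($encValue -band 0x04) -ne 0

# Whole days since the account password (the Kerberos decryption key) last changed
$keyAgeDays = if ($acct.PasswordLastSet) {
    [int][math]::Floor(((Get-Date) - $acct.PasswordLastSet).TotalDays)
} else { $null }

[pscustomobject]@{
    Account         = $acct.SamAccountName
    EncryptionTypes = if ($encValue) { (Get-EncTypeName $encValue) -join ', ' }
                      else { 'not set (domain default applies)' }
    AesEnabled      = $hasAes
    Rc4Only         = $hasRc4 -and -not $hasAes
    KeyLastRolled   = $acct.PasswordLastSet
    KeyAgeDays      = $keyAgeDays
    RolloverOverdue = ($null -eq $keyAgeDays) -or ($keyAgeDays -gt $MaxKeyAgeDays)
}
```

A result with `Rc4Only` or `RolloverOverdue` set to `True` matches the state described before the fix; run it from a domain-joined machine with read access to the account.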