Azure AAD joined only Access on prem resource

Hi, it appears that your Azure AD–joined device isn’t obtaining a Kerberos ticket when accessing on-prem resources because the cloud Kerberos trust isn’t set up. Even if you're not using Windows Hello for Business or passwordless authentication, seamless Kerberos SSO to on-prem resources still requires a properly configured Kerberos object in AD.

In other words, if you want your device to obtain a Kerberos ticket and avoid credential prompts, you'll need to configure the cloud Kerberos trust. Without this configuration, your device won’t automatically receive a Kerberos ticket and will likely fall back to NTLM or prompt for credentials.

I hope this clarifies the situation.