RIGAN25
Mar 31, 2020 | Copper Contributor
Hybrid Azure AD Join + Okta Federation
Implemented Hybrid Azure AD Joined with Okta Federation and MFA initiated from Okta. Trying to implement Device Based Conditional Access Policy to access Office 365, however, getting Correlation ID ...
RIGAN25
Aug 25, 2020 | Copper Contributor
Kav77, providing you details about this:
Please follow the controlled HYAADJ rollout using a Group Policy Object.
The only change you need to perform related to the GPO object is the tenant.
Use the tenant domain: domain.onmicrosoft.com, and not the custom domain name verified to the tenant.
Also, the reason you see AzureAD PRT = NO is related to the device, where Windows device login works on Legacy Auth, so please create a rule in Okta to allow legacy auth to the PRT token.
Be sure that the device is able to communicate with the DC and the Internet while performing the device registration process.
Kav77
Aug 25, 2020 | Copper Contributor
Hmm, I only have the GPO 'Windows Components> Device registration> register domain joined computers as devices' enabled, and that seems to have Hybrid joined the devices successfully. It has no option for specifying the tenant domain?
Anyway I just noticed the AzureAdPrt is user based. I was running CMD under admin and it was saying NO, but when run under user context it actually says 'YES'. Think I will log this with support.
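The point in the last post, that AzureAdPrt is reported for the account running the command while the join fields describe the device, shown as an added example that is not part of the thread. It assumes the values come from `dsregcmd /status`; the function names, the sample output and the CONTOSO accounts are constructed for illustration.

```powershell
# Constructed sample of `dsregcmd /status` output, trimmed to the fields used here.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : YES
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : NO
'@

function ConvertFrom-DsregStatus {
    # Parse "Name : Value" lines into a hashtable; banner lines (+---, | .. |) do not match.
    param([Parameter(Mandatory)][string]$Text)
    $fields = @{}
    foreach ($line in ($Text -split '\r?\n')) {
        if ($line -match '^\s*([A-Za-z]\w*)\s*:\s*(\S.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    return $fields
}

function Get-PrtAssessment {
    # Hypothetical helper: join state is per device, AzureAdPrt is per user session.
    param(
        [Parameter(Mandatory)][hashtable]$Fields,
        [Parameter(Mandatory)][string]$RunAs,         # account the command ran under
        [Parameter(Mandatory)][string]$SignedInUser   # account that owns the desktop session
    )
    $hybrid = ($Fields['AzureAdJoined'] -eq 'YES') -and ($Fields['DomainJoined'] -eq 'YES')
    $prt    = $Fields['AzureAdPrt'] -eq 'YES'
    $verdict = if (-not $hybrid) {
        'Device is not hybrid joined; check device registration first'
    } elseif ($prt) {
        "PRT present for $RunAs"
    } elseif ($RunAs -ieq $SignedInUser) {
        "No PRT for the signed-in user $RunAs; investigate further"
    } else {
        "Inconclusive: AzureAdPrt reflects $RunAs, re-run as $SignedInUser"
    }
    [pscustomobject]@{ HybridJoined = $hybrid; AzureAdPrt = $prt; Verdict = $verdict }
}

# The same output read in two contexts: elevated admin prompt vs. the user's own prompt.
$f = ConvertFrom-DsregStatus -Text $sample
Get-PrtAssessment -Fields $f -RunAs 'CONTOSO\admin' -SignedInUser 'CONTOSO\alice'
Get-PrtAssessment -Fields $f -RunAs 'CONTOSO\alice' -SignedInUser 'CONTOSO\alice'
```

On a live device the text would come from `dsregcmd /status | Out-String` and the running account from `[Security.Principal.WindowsIdentity]::GetCurrent().Name`.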