Event banner
Event details
The initial experience heavily depends on SSO working from the get-go. This is something we think could be improved (not speaking of our very special DMA-feature in Europe). Any plans on improving/optimizing the process involving receiving the PRT etc.?
MicrosoftCan you be more specific about exactly what you are talking about here? Are you referring specifically to hybrid join?
No, in this case entra-only, but actually doesn't matter.
We need to approach a state where you log into Windows for the first time and any application (Teams, Word, Outlook, OneDrive, ...) is able to pull an SSO token from Windows - immediately. It's not like users are waiting for 10 minutes until everything has been set up in the background. We still have quite a few customers relying on custom splashscreens after the first login which are basically locking the screen until certain conditions have been met.
- Jason_Sandys
Sorry, not following. What exactly is happening or not happening that you expect or want to happen from the user experience perspective and why are you attributing this to the PRT not being on the device?
I would suggest if it were hybrid join the PRT is going to just be there. I would imagine he's doing Entra Joined but users want to access domain resources right off the bat, or map drives or some such. I haven't tested it, but with Cloud Kerberos Trust this should work????
- Jason_Sandys
"Cloud Kerberos Trust" is specific to WHfB and is not specifically required to access on-prem resources. applications, or services. Also, PRTs aren't specific to hybrid join and are always acquired by the end-user when the device is hybrid joined, Entra joined, or Entra registered.
