SOLVED

disable SSO with registered Azure AD devices

Highlighted
Occasional Contributor

I have devices that are locally joined to our AD and also registered to Azure AD (i run AD connect). We have some webapplications that support OAUTH2 and forward me to login.microsoftonline.com and the user are getting authenticated automaticly. Is there a way how I can enforce those users/devices to enter their credentials?

I tried to disable Integrated Windows authentication but that did not work...

Thanks for your Help

 

6 Replies
Highlighted
Best Response confirmed by Lephas (Occasional Contributor)
Solution

Use Private mode? 

Highlighted

@Vasil Michev yes that would work, but other than that can i do something on the side of Azure to prevent this?

Highlighted

That depends on the flows you have enabled for your app, but why would you want to make such changes when there is an easy-to-use client side solution?

Highlighted
Exactly my thought. That is the opposite what everyone else wants - they want to enable SSO :). If you're concerned with security, you would enforce MFA and maybe lower the time for screen lock.
Highlighted
Agree with @Vasil’s solution about Private mode.

Have you tried to sync the PC to Azure AD and remove the Device marked (Azure AD registered)? I think this will do the trick.
Highlighted

@Vasil Michev The Problem is that two of our customers is running a Webapplication with Oauth2 but they won't allow guest users for compliance & security reasons... So i guess i will just tell our users to use private window.