cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Powershell MSOL and hybrid domain joined

Frederick_Po
Occasional Contributor

‎Apr 14 2020 10:55 AM - last edited on ‎Jul 24 2020 01:12 AM by

‎Apr 14 2020 10:55 AM - last edited on ‎Jul 24 2020 01:12 AM by

Powershell MSOL and hybrid domain joined

Since we have a conditionnal access control requiring domain joined device and mfa to access azure management..when we are using powershell it seems like powershell cannot recognize the device as domain joined and access is blocked due to the domain joined access control after mfa is performed. Any idea why?

Labels:
338 Views
0 Likes
3 Replies
Reply
3 Replies
Moe_Kinani

‎Apr 14 2020 06:31 PM

‎Apr 14 2020 06:31 PM

Re: Powershell MSOL and hybrid domain joined

Hi,

Did it work before at all? It’s tough to guess without sharing the setting for Conditional Access.

Are the pcs hybrid join or only Azure AD? If hybrid joined, you have to sync the PCs to the cloud in order for CA to work as expected.

Thanks!
Moe
0 Likes
Reply
best response confirmed by Frederick_Po (Occasional Contributor)
Claus Witjes

‎Apr 15 2020 07:56 AM

‎Apr 15 2020 07:56 AM

Solution

Re: Powershell MSOL and hybrid domain joined

@Frederick_Po 

 

hmm, actually I can not reproduce this.

 

My device is AAD hybrid joined and we have CA policy requiring hybrid joined devices and another one basically blocking "other clients" aka basic authentication. What are your AAD Sign-In Logs saying exactly .. or the Windows Application and Services - AAD logs?

 

My machine:

+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+

AzureAdJoined : YES

 

with a valid PRT:

+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+

AzureAdPrt : YES
AzureAdPrtUpdateTime : 2020-04-15 05:58:26.000 UTC
AzureAdPrtExpiryTime : 2020-04-29 12:26:36.000 UTC


and I can successfully connect to Azure AD using the Connect-MsolService cmdlet.

Actually using  "Manifest 1.1.183.57 MSOnline"

 

Maybe you have to update the module installed, aka C:\> Update-Module MSOnline

 

hth,

 

Claus

0 Likes
Reply
Frederick_Po

‎Apr 21 2020 07:31 AM

‎Apr 21 2020 07:31 AM

Re: Powershell MSOL and hybrid domain joined

AzureAdPrt was the problem, fixed it and everything was working afterwards. Thank you for pointing me in the right direction!
0 Likes
Reply