PRT for Windows Server

%3CLINGO-SUB%20id%3D%22lingo-sub-1764186%22%20slang%3D%22en-US%22%3EPRT%20for%20Windows%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1764186%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EWe%20know%20that%20%3CSTRONG%3ECloud%20Authentication%20Provider%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B(CloudAP)%20and%26nbsp%3B%3CSTRONG%3EAzure%20AD%20CloudAP%20plugin%26nbsp%3B%3C%2FSTRONG%3Eare%20the%20primary%20components%20for%20obtaining%26nbsp%3B%20Primary%20Refresh%20Token%26nbsp%3B%20(PRT)%26nbsp%3B%20from%20Azure-AD%26nbsp%3B%20on%26nbsp%3BWindows%2010%20devices%20which%20are%26nbsp%3B%20AAD-joined%20OR%26nbsp%3B%20hybrid-joined.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20want%20to%20know%2C%26nbsp%3B%20if%26nbsp%3B%3CSTRONG%3ECloud%20Authentication%20Provider%3C%2FSTRONG%3E%26nbsp%3B(CloudAP)%20and%26nbsp%3B%3CSTRONG%3EAzure%20AD%20CloudAP%20plugin%26nbsp%3B%20%3C%2FSTRONG%3Eis%20available%20on%20Windows%20Server%202019%26nbsp%3B%20so%20that%20if%20such%20server%20is%26nbsp%3B%20hybrid-joined%26nbsp%3B%20then%20I%20can%20expect%20a%20PRT%20when%20I%20sign%20into%20this%20server.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1764186%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1764799%22%20slang%3D%22en-US%22%3ERe%3A%20PRT%20for%20Windows%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1764799%22%20slang%3D%22en-US%22%3E%3CP%3ECorrect.%20Windows%20Server%202019%20is%20a%20supported%20device%20in%20this%20scenario.%20See%20this%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fhybrid-azuread-join-plan%23windows-current-devices%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Elink%3C%2FA%3E.%20In%20order%20for%20the%20signed-in%20user%20to%20successfully%20obtain%20a%20PRT%20token%2C%20the%20device%20-%20in%20this%20case%20WinSrv2019%2C%20must%20also%20be%20successfully%20joined%20or%20registered%20to%20your%20AAD%20(AAD%20Joined%20or%20AAD%20Hybrid-Joined)%20as%20a%20pre-requisite.%20The%20dsregcmd%20tool%20is%20very%20useful%20for%20this.%20Hope%20this%20helps.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hello,

We know that Cloud Authentication Provider (CloudAP) and Azure AD CloudAP plugin are the primary components for obtaining  Primary Refresh Token  (PRT)  from Azure-AD  on Windows 10 devices which are  AAD-joined OR  hybrid-joined.

 

I want to know,  if Cloud Authentication Provider (CloudAP) and Azure AD CloudAP plugin  is available on Windows Server 2019  so that if such server is  hybrid-joined  then I can expect a PRT when I sign into this server.

 

Thanks.

Thanks.

 

 

2 Replies
Highlighted

Correct. Windows Server 2019 is a supported device in this scenario. See this link. In order for the signed-in user to successfully obtain a PRT token, the device - in this case WinSrv2019, must also be successfully joined or registered to your AAD (AAD Joined or AAD Hybrid-Joined) as a pre-requisite. The dsregcmd tool is very useful for this. Hope this helps. 

Highlighted

@Josh Villagomez 

 

I think you did not get my question.  The discussion is NOT around whether we can hybrid join the Windows Server 2019 device or not.

Of course we can as the link that you showed is clearly telling that.

 

The question is , can you get PRT on such hybrid device when you sign into the device.

If you check the first line of this link PRT ,  it tells that "A Primary Refresh Token (PRT) is a key artifact of Azure AD authentication on Windows 10, iOS, and Android devices."

 

I want to know if windows server 2019 is part of above line.

 

Thanks.