Hybrid AD joined users get prompted for auth for every Office App after enabling session control


Hey Folks, 

Could not find the exact hub for posting this conditional access issue but hopefully this common space works.

We have set up the Conditional Access sign-in frequency in session control settings recently; however, it does not work as expected on Hybrid AD joined devices.

Behavior: Our users are getting prompted for each Office 365 application that they open.

Expectation: On Azure AD registered Windows devices, sign-in to the device is considered a prompt. For example, if you have configured the sign-in frequency to 24 hours for Office apps, users on Azure AD registered Windows devices will satisfy the sign-in frequency policy by signing in to the device and will not be prompted again when opening Office apps. Ref - https://docs.microsoft.com/en-au/azure/active-directory/conditional-access/howto-conditional-access-...

Any ideas are greatly appreciated.

Thank you!

0 Replies