Copilot for Microsoft 365 Tech Accelerator
Feb 28 2024 07:00 AM - Feb 29 2024 10:30 AM (PST)
Microsoft Tech Community

Continued issues with Enterprise downgrading to Pro due to MFA/Conditional Access causing PRT issues

Copper Contributor

As some may be familiar, MFA and Conditional Access causes issues with the PRT token authentication and results in Enterprise downgrading to Pro. The problem is, this breaks Direct Access as well for our remote users. We were assured that as long as machines were on a current feature update version (everything we have is now either 2004, 20H2, or 21H1) that when this happens we can just go into Shared Experience Settings, hit 'Fix Now' and then the user will get an MFA prompt. Usually after that it takes one restart to get back to Enterprise and a couple more for DA to return. It seems to be happening more and more frequently which is already enough of an issue, but now we're seeing instances where the fix now button isn't there and the only solution is to disconnect the user's account, reset the machine in AD, and do a remote domain join (a long and annoying process). 

 

Has anyone figured out a better workaround or solution yet? The other thing I was planning on trying next was modifying our conditional access to just specific cloud apps instead of all of them. Does anyone know which cloud app relates to how Enterprise/PRT authenticates?

2 Replies

Wow, all those views and no responses.  Did you ever figure this out?  It is a current issue for as at the moment. @AdamN37