Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

disable SSO with registered Azure AD devices

Brass Contributor

I have devices that are locally joined to our AD and also registered to Azure AD (i run AD connect). We have some webapplications that support OAUTH2 and forward me to login.microsoftonline.com and the user are getting authenticated automaticly. Is there a way how I can enforce those users/devices to enter their credentials?

I tried to disable Integrated Windows authentication but that did not work...

Thanks for your Help

 

6 Replies
best response confirmed by Lephas (Brass Contributor)
Solution

Use Private mode? 

@Vasil Michev yes that would work, but other than that can i do something on the side of Azure to prevent this?

That depends on the flows you have enabled for your app, but why would you want to make such changes when there is an easy-to-use client side solution?

Exactly my thought. That is the opposite what everyone else wants - they want to enable SSO :). If you're concerned with security, you would enforce MFA and maybe lower the time for screen lock.
Agree with @Vasil’s solution about Private mode.

Have you tried to sync the PC to Azure AD and remove the Device marked (Azure AD registered)? I think this will do the trick.

@Vasil Michev The Problem is that two of our customers is running a Webapplication with Oauth2 but they won't allow guest users for compliance & security reasons... So i guess i will just tell our users to use private window.

1 best response

Accepted Solutions
best response confirmed by Lephas (Brass Contributor)
Solution

Use Private mode? 

View solution in original post