Forum Discussion

Frederick_Po's avatar
Frederick_Po
Copper Contributor
Apr 14, 2020

Powershell MSOL and hybrid domain joined

Since we have a conditionnal access control requiring domain joined device and mfa to access azure management..when we are using powershell it seems like powershell cannot recognize the device as dom...
  • Claus Witjes's avatar
    Claus Witjes
    Apr 15, 2020

    Frederick_Po 

     

    hmm, actually I can not reproduce this.

     

    My device is AAD hybrid joined and we have CA policy requiring hybrid joined devices and another one basically blocking "other clients" aka basic authentication. What are your AAD Sign-In Logs saying exactly .. or the Windows Application and Services - AAD logs?

     

    My machine:

    +----------------------------------------------------------------------+
    | Device State |
    +----------------------------------------------------------------------+

    AzureAdJoined : YES

     

    with a valid PRT:

    +----------------------------------------------------------------------+
    | SSO State |
    +----------------------------------------------------------------------+

    AzureAdPrt : YES
    AzureAdPrtUpdateTime : 2020-04-15 05:58:26.000 UTC
    AzureAdPrtExpiryTime : 2020-04-29 12:26:36.000 UTC


    and I can successfully connect to Azure AD using the Connect-MsolService cmdlet.

    Actually using  "Manifest 1.1.183.57 MSOnline"

     

    Maybe you have to update the module installed, aka C:\> Update-Module MSOnline

     

    hth,

     

    Claus

Moe_Kinani's avatar
Moe_Kinani
Bronze Contributor
Apr 15, 2020
Hi,

Did it work before at all? It’s tough to guess without sharing the setting for Conditional Access.

Are the pcs hybrid join or only Azure AD? If hybrid joined, you have to sync the PCs to the cloud in order for CA to work as expected.

Thanks!
Moe

Resources