Azure PRT Login Status Report

When a user logs in successfully to a Hybrid Azure AD joined or Azure AD joined device, they acquire an Azure AD Primary Refresh Token (PRT), which is essential for enabling Single Sign-On (SSO) and for passing Azure AD Conditional Access policies that deal with “Hybrid Azure AD” and/or “Compliant” devices.

The Azure AD PRT can be validated by running the “dsregcmd /status” command as the logged-on user. However, verifying the Azure AD PRT for a large number of users on their devices is not an easy process, because the verification has to happen under the user account.

Azure AD Device Cleanup

When dealing with Azure AD devices, we usually face the following challenges:

  • There is no report in Azure AD that shows the stale devices.
  • There is no retention policy to delete the stale devices from Azure AD.
  • There is no way to restore a deleted Azure AD device or its attributes (e.g. the BitLocker recovery key).

In this article, I provide the following PowerShell script, which offers comprehensive options for dealing with the above challenges.