When the user login successfully to Hybrid Azure AD device or Azure AD joined device, he acquires AzureAD PRT which is extremely important to enable Single Sign-on (SSO) and to pass Azure AD Conditional Access Policies that deals with “Hybrid Azure AD” and/or “Complaint” devices.
Azure AD PRT can be validated by running “dsregcmd /status” command as the logged on user. But coming form the fact that it is not an easy process to verify the AzureAD PRT for a huge number of users on their devices as the verification should happen under the user account.
Continue reading