We have AAD joined our laptops and enrolled them using Intune Autopilot, with the expectation of silent SSO to applications integrated with Azure AD without extra configuration, but when users launch the desktop app/web app that was configured to integrate with AAD, they still get prompted to enter email and password.
I saw there is a Seamless SSO feature for Hybrid Joined devices, which requires Azure AD Connect. We are in full cloud mode without on-prem AD, so Hybrid Joined is not an option.
The AAD event log shows errors, see the attached screenshots (Error, Warning, Error2).
The first-party application ID shown in the error cannot be found in the Azure AD app registrations. What does it refer to? The same goes for the first-party resource; I can't find it in the Azure AD app registrations either.
Appreciate it if anyone can point out anything I missed or misconfigured.
Thank you.
Ran dsregcmd /status: AzureAdJoined: YES, DomainJoined: NO, AzureAdPrt: YES.
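The dsregcmd check in the post, turned into a repeatable script. This is an added example, not code from the original post: it parses the dsregcmd /status output into a hashtable, evaluates the fields that matter for SSO on a cloud-only (Azure AD joined, not hybrid) device, and, when a check fails, pulls the recent Error/Warning entries from the Microsoft-Windows-AAD/Operational log, which is assumed to be the "AAD event log" the screenshots came from. The field labels (AzureAdJoined, DomainJoined, AzureAdPrt, AzureAdPrtUpdateTime, WamDefaultSet) are the real dsregcmd labels; the embedded sample output is constructed so the parser can be exercised offline, and the function names are my own.

```powershell
# Added example (not from the original post). Constructed sample of `dsregcmd /status`
# output, used when dsregcmd.exe is not available so the parser can run offline.
$SampleDsreg = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : YES
      AzureAdPrtUpdateTime : 2023-01-01 09:00:00.000 UTC

+----------------------------------------------------------------------+
| Work Account State                                                   |
+----------------------------------------------------------------------+

             WamDefaultSet : YES
       WamDefaultAuthority : organizations
'@

function Get-DsregStatus {
    # Returns a hashtable of "Label -> Value" pairs from dsregcmd /status.
    [CmdletBinding()]
    param([switch]$UseSample)
    $text = if ($UseSample -or -not (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue)) {
        $SampleDsreg
    } else {
        (& dsregcmd.exe /status) -join "`n"
    }
    $status = @{}
    foreach ($line in ($text -split "`n")) {
        # Data lines look like "      AzureAdPrt : YES"; the box-drawing headers do not match.
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9]*)\s*:\s*(.*?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

function Test-AadSsoPrereqs {
    # Prints PASS/FAIL per check and returns $true only if every check passed.
    param([hashtable]$Status)
    $checks = [ordered]@{
        'AzureAdJoined = YES'                                  = ($Status['AzureAdJoined'] -eq 'YES')
        'DomainJoined = NO (cloud-only; Seamless SSO / hybrid join does not apply)' = ($Status['DomainJoined'] -eq 'NO')
        'AzureAdPrt = YES (a PRT must exist for WAM to sign the user in silently)'  = ($Status['AzureAdPrt'] -eq 'YES')
        'WamDefaultSet = YES (work account is the default WAM account)'             = ($Status['WamDefaultSet'] -eq 'YES')
    }
    foreach ($c in $checks.GetEnumerator()) {
        $mark = if ($c.Value) { 'PASS' } else { 'FAIL' }
        Write-Output ("[{0}] {1}" -f $mark, $c.Key)
    }
    return -not ($checks.Values -contains $false)
}

function Get-AadLogErrors {
    # Recent Error (2) and Warning (3) events from the Azure AD operational log.
    param([int]$Hours = 24, [int]$Max = 20)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-AAD/Operational'
        Level     = 2, 3
        StartTime = (Get-Date).AddHours(-$Hours)
    } -MaxEvents $Max -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
}

$status = Get-DsregStatus
if (-not (Test-AadSsoPrereqs -Status $status)) {
    Get-AadLogErrors | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell on the affected laptop; with the sample output all four checks pass, which matches the values the post reports, so on a real device that passes as well the next place to look is the event log output rather than the join state.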