Open robert-bunch opened 2 years ago
@robert-bunch Thanks for your feedback! We will investigate and update as appropriate.
Hello @robert-bunch, confirmed. Azure AD tokens will be retrieved and used, thus CA policies will be applied accordingly.
That sounds right for a Hybrid Azure AD joined or Azure AD joined device, since your cloud credentials are used during login/lock/unlock. On an AAD Registered device, you are logged in with a local account or MSA account, not a cloud account.
We have a 7-day sign-in frequency enforced and a lot of AAD Registered devices. The examples in this article don't seem to be accurate behavior for an AAD Registered device. The sign-in frequency window does not shift if you lock/unlock the AAD Registered workstation within the window as noted in example 2.
User sign-in frequency and device identities
If you have Azure AD joined, hybrid Azure AD joined, or Azure AD registered devices, when a user unlocks their device or signs in interactively, this event will satisfy the sign-in frequency policy as well.
Can we confirm the accuracy of this? Does locking/unlocking your Azure AD Registered device satisfy the sign-in frequency, since it does not use the Cloud AP plugin like Azure AD Joined and Hybrid Joined do?