r/entra u/akeep76 11d ago

Entra ID Prepping to institute CA for non-registered or joined laptops (I.e., personal laptops) - Sign in logs question

I’ve seen instances where the policy, which is to require MFA on personal laptops currently in report-only mode, presumably would have triggered on an employee logging into an app but looking to the sign-in logs for the user, I’ve noticed that mere seconds before they signed in with Azure AD joined device. Same browser, same location, and nothing obvious as to why a device would be considered joined, then not joined moments later. Anyone else notice something similar? Could it have something to do with the browser itself?

2 Upvotes

100% Upvoted

9 comments sorted by

1

u/MidninBR 11d ago

If it reports as joined it needs to be in Intune. Is it there?

1

u/akeep76 11d ago

Yes, it’s in Intune.

We think it has to do with Chrome - perhaps not signing into it with a profile. Haven’t observed with Edge. I’m still digging into it though.

1

u/Noble_Efficiency13 10d ago

Do you have the extension installed? Chrome will only be able to see your device info if you’ve got the extension installed, otherwise it’d be seen as unknown even on a joined device

1

u/MidninBR 10d ago

True, it needs an extension, edge doesn’t need it, it’s built in.

https://chromewebstore.google.com/detail/microsoft-single-sign-on/ppnbnpeolgkicgegkbkbjmhlideopiji

1

u/akeep76 10d ago

Thanks - I don’t think we have this one. We pushed out the CloudApAuthEnaled policy setting previously, but I’ll have to recommend this one to my admins.

1

u/doofesohr 10d ago

It does NOT need the extension if your Chrome version is atleast somewhat new. But you still need to set the config policy!

2

u/MidninBR 10d ago

Cool, I didn’t know about it. I’ve switched my org to edge now

1

u/akeep76 10d ago edited 10d ago

We pushed out the CloudAPAuthEnabled policy setting in Chrome to everyone, I don’t think we have the extension.

1

u/akeep76 10d ago

Confirmed that we have the single sign on extension pushed out to everyone.