
af5cs (af5cs) asked a question.
Hello,
We are using Okta as IdP and to provision users to M365, and are in the process of enrolling devices as Hybrid Entra Join. Devices are being enrolled and registered properly, but it seems the AzureADPRT is not always retrieved, and this way the devices are not able to use features such as Windows Hello for Business.
Devices are synced to M365, but not through AD Connect; instead we are using Okta provisioning, and there is no UPN matching between M365 and AD, i.e. the user domain in AD is contoso.com and in M365 is Fabrikam.com.
My question is: what settings need to be modified on Okta to retrieve this token for logged-in local AD users? Any mappings or sign-on policies that need to be in place so that AzureADPRT is granted, etc.?

Hello @af5cs (af5cs), thank you for posting on our Community page!
I would recommend reviewing our doc on this particular setup and making sure everything is set up correctly:
https://help.okta.com/en-us/content/topics/apps/office365/hybrid-aad-joined-devices-support.htm
Additionally, for more in-depth troubleshooting, we recommend opening a case with Support.
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.