
TomC.75736 (Peninsula College) asked a question.
We are in Hybrid AD mode with Microsoft. Our Okta environment is federated to Microsoft, and we want to configure new laptops for use only with AzureAD. I joined a laptop to the Entra domain using my domain logon credentials. I am unable to log in to the laptop with those same credentials. I can log in to the laptop with an OnMicrosoft.com account, but not with our Okta accounts (synced with AD). The accounts exist in Entra and Okta, but fail to log in to the laptop after joining it to our Entra domain.

Hi @TomC.75736 (Peninsula College), thank you for reaching out to the Okta Community!
This is a rather broad topic, but you can start by reviewing the following documentation:
Okta support for hybrid Microsoft Entra ID joined devices
I recommend opening a case to work with the Okta Support team if you encounter issues during your implementation steps.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
@TomC.75736 (Peninsula College)
Windows workstations connected to Okta use a legacy protocol for their authentication.
You need to write a policy to enable the same.
https://support.okta.com/help/s/article/authentications-are-blocked-when-integrating-office-365-with-okta-and-microsoft-intune?language=en_US
Note: enabling legacy authentication increases the risk of attack. Make sure to write specific policies to allow from only Azure-joined machines using custom expressions.
Make sure legacy auth is enabled on the Okta policy on the M365 app.