My customer has a hybrid AD setup. On-prem they use "company.local" and the AAD is "ad.company.com".
They use Azure domain-joined laptops where they log in with the UPN "firstname.lastname@example.org".
When users log in they always get login prompts when connecting to Azure resources like file shares or printers hosted on an Azure VM. We want this to be SSO.
Funny thing is that when a user starts a VPN connection to the on-prem network (laptops end up in the same subnet as laptops in the on-prem LAN) the SSO will work without any problems. I see that there will be a *Session credential in the credential manager. The *Session is from the same "email@example.com" account.
Is it possible the *Session fixes the problem or is this more of a networking problem?
And does anyone know something I can check to get this to work?