My previous post about #PRT in #AzureAD mentioned #DeviceJoin. There can be three types of device states in Azure AD - Azure AD Join, Azure AD Hybrid Join and Azure AD Registered. All these device types can get PRT and hence #SSO benefit.

Azure AD Joined are devices running Windows 10+ or Windows Server 2019+. These devices are considered corporate devices. PRT is obtained as part of the Windows login through the Cloud Authentication Provider (#CloudAP).

Azure AD Registered are devices that don't have a full join done (such as #BYOD or phones), but we can have the SSO benefit on them. PRT is obtained through the Windows Authentication Manager (#WAM) plugin. The user does not log in to these devices with a corporate account, so CloudAP cannot be used.