Sorry if this doesn’t belong here, tried looking for better subreddits but couldn’t find one. Just want to help people facing the same problem.
So we have set up Azure AD conditional access for our E3 users which lets people log in from trusted IPs, Azure hybrid join devices and compliant devices without prompting for additional authentication. It has not really worked from outside of our organization for about 1 year.
As it turned out, it works from browsers which we really don’t use, like Edge and IE, but not from Chrome or Firefox.
To get it working from Chrome you need to add an extension called Microsoft Accounts to Chrome and use it; then it works.
Just really wanted to vent, because it has been a problem for a while, and now I had time to troubleshoot it and got it working. Now I just need to share the extension for our users.
Here’s a TechNet article about it: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference