Manual PRT retrieval blocked
Hi,
I am running into a dilemma here. We have an environment where the on-prem and cloud domains are different, so users have different UPNs on-prem and in the cloud.
Users are provisioned and federated by a third-party IdP, and thus are not included in the AD Connect scope.
Obviously, this causes auto retrieval of the Azure PRT to fail.
As an alternative, we tried to use a script to manually retrieve the token, and ended up getting flagged by MDE, as explained in the link (Possible attempt to access Primary Refresh Token (PRT)): https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks#possible-attempt-to-access-primary-refresh-token-prt
Is there any way to avoid this? I can post the script if needed.