I am asking in this same thread as my point is similar but not totally the same.
Before I get back to the app-vendor, I want to make sure that I prescribe what is possible from our Azure-AD point of view.
The matter is, my Windows 10 session currently has 3 PRTs (one of those is of course for my account used to unlock the device).
There is a Zscaler desktop app. When this app is trying to sign me in, it shows me the AAD popup.
We want to make sure that Zscaler does NOT show this popup and picks the PRT that is for the account used to unlock the device.
There is a big security hole if Zscaler does not automatically pick the account.
Any suggestion is highly appreciated.
Thanks.