AAD Sign-Ins, but no Local AD sign-ins

Jinseng 41 Reputation points
2020-04-27T20:56:21.36+00:00

We are configured with Azure AD Sync and ADFS for authentication. When a user signs in, they're directed to ADFS for authentication, and then back to the O365/Azure application. This records a Sign-In in the Azure Sign-Ins log, and it updates the LastLogon or LastLogonTimestamp attribute in our local Active Directory. We have one user with many Office 365 Exchange Online logins in the Azure Sign-Ins log, but their local Active Directory attribute is not updated. Any thoughts on how this is happening? All of their AAD Sign-Ins for the last 7 days are for Office 365 Exchange Online, so I'm wondering if they're using Outlook and it just keeps updating an authentication token with AAD so it rarely hits our local ADFS server. Does that sound reasonable?

Thanks for any thoughts you have.

Active Directory Federation Services

Accepted answer
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
2020-04-30T20:23:18.417+00:00

The user goes to ADFS only if they do not already have a valid token for Azure AD.

If the user is connected on a Hybrid Azure AD joined device, for example, the user will have a PRT and the chances of going back to ADFS are really low.
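A check for the divergence the answer describes, added here as example code (not from the thread): it converts on-prem lastLogonTimestamp FILETIME values and flags users whose newest AAD sign-in is far newer than their last on-prem logon. The sign-in records and on-prem values are constructed samples, and the field names assume the Microsoft Graph signIn resource.

```python
from datetime import datetime, timedelta, timezone

# lastLogonTimestamp is a Windows FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt: datetime) -> int:
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10

# Constructed sample of AAD sign-in records (field names as in the Graph signIn resource).
SIGN_INS = [
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2020-04-27T08:12:03Z",
     "resourceDisplayName": "Office 365 Exchange Online", "isInteractive": False},
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2020-04-26T18:40:11Z",
     "resourceDisplayName": "Office 365 Exchange Online", "isInteractive": False},
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2020-04-27T07:00:00Z",
     "resourceDisplayName": "Office 365 SharePoint Online", "isInteractive": True},
    {"userPrincipalName": "carol@example.com", "createdDateTime": "2020-04-27T09:05:00Z",
     "resourceDisplayName": "Office 365 Exchange Online", "isInteractive": False},
]

# Constructed on-prem lastLogonTimestamp values keyed by UPN (carol has no AD object).
ON_PREM_LAST_LOGON = {
    "alice@example.com": datetime_to_filetime(datetime(2020, 3, 20, 7, 0, tzinfo=timezone.utc)),
    "bob@example.com": datetime_to_filetime(datetime(2020, 4, 25, 9, 30, tzinfo=timezone.utc)),
}

def stale_on_prem_users(sign_ins, on_prem_last_logon, max_lag=timedelta(days=14)):
    """Return {upn: lag} for users whose newest cloud sign-in is more than max_lag after
    their on-prem lastLogonTimestamp, or None when no on-prem value exists. The attribute is
    rewritten only when older than msDS-LogonTimeSyncInterval (default 14 days, minus a
    random 0-5 days), so gaps under the default are normal replication behaviour."""
    newest = {}
    for rec in sign_ins:
        when = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
        upn = rec["userPrincipalName"].lower()
        if upn not in newest or when > newest[upn]:
            newest[upn] = when
    flagged = {}
    for upn, when in newest.items():
        ft = on_prem_last_logon.get(upn)
        if ft is None:  # cloud sign-ins with no matching on-prem account at all
            flagged[upn] = None
            continue
        lag = when - filetime_to_datetime(ft)
        if lag > max_lag:  # cloud activity continues while on-prem logon never happens
            flagged[upn] = lag
    return flagged
```

Users the function flags are the ones to inspect for PRT or refresh-token based access that never reaches ADFS; a flagged user with no on-prem object usually points at a UPN mismatch or a cloud-only account.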

