We are configured with Azure AD Sync and ADFS for authentication. When a user signs in, they're directed to ADFS for authentication, and then back to the O354/Azure application. This records a Sign-In in the Azure Sign-Ins log, and it updates the LastLogon or LastLogonTimestamp attribute in our local Active Directory. We have one user with many Office 365 Exchange Online logins in the Azure Sign-Ins log, but their Local active directory attribute is not updated. Any thoughts on how this is happening? All of their AAD Sign-Ins for the last 7 days are for Office 365 Exchange Online, so I'm wondering if they're using Outlook and it just keeps updating an authentication token with AAD so it rarely hits our local ADFS server. Does that sound reasonable?
Thanks for any thoughts you have.