Dear all,
I am doing some testing on Notebooks (Win10, hybrid-joined) that run GlobalProtect and M365 Apps for Enterprise. We have tested them with different Conditional Access Policies, yet there are always separate MFA requests for M365 and GlobalProtect, so I have to assume GP does not access the Primary Refresh Token.
GlobalProtect was configured according to Palo Alto recommendations and SAML SSO enabled.
a) is that behaviour expected? Some personnel of the service provider claimed, as GP didnt support OpenAuth/Openid, this was to be expected.
b) in the latter case, is there a work around?
Thanks so much!