We're running in to an issue with our SSO policy. Our Mac's are enrolled using the users Azure logon. We currently don't have kerberos in place, so are config profile is set to SSO. The tech who configured this created a policy that runs the below command at every network change per the apple documentation. The issue we're experiencing is that when there is a network change it kicks off sometimes it gets stuck the majority of policies don't run like our software updates. If you go in to policy audit of a device, it's just the sso policy. We just have the user restart and run recon and it's fixed and it doesn't happen to all users. Curious is anybody else has ran in to this. We do have a test group that is removed from the policy to see how it goes and just made if available to them if it doesn't connect correctly.
#!/bin/bash
killall AppSSOAgent
Sleep 5
app-sso -a "oursite" -R -q
exit 0
