Azure does not see that your device is Azure AD joined via the Google Chrome browser.
Because of this the user needs to sing in to Office 365 (& MFA) every time when the browser is closed.
Microsoft Edge does not has this behavior, Edge keeps the user signed in.
When you troubleshoot this issue and are gonne view the Sing-in Logs of Azure AD you see that when using Google Chrome to sing in to Office 365 the Join Type is empty.
To resolve this problem you need to install the Windows 10 Accounts extension in Google Chrome.
“For Chrome support in Windows 10 Creators Update (version 1703) or later, install the Windows 10 Accounts extension. This extension is required when a Conditional Access policy requires device-specific details.”
Before the extension is installed, Browser is Chrome and the Join Type is blank.
After the extension is insalled, browser is Chrome & the join type is filled with the correct information, in this case the Sign-in log shows Azure AD Joined.
The Windows 10 accounts extension can be installed manually via the Google Chrome store.
It’s also possible to automatically deploy this extension to Chrome (enterprise) browsers.
To do this we need to create the following registry key:
Path HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist Name 1 Type REG_SZ (String) Data ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx
After successful installation you may check if Windows 10 accounts shows up at the installed extensions page in Chrome, via this link :