Enabling Single Sign-On (SSO) via Intune (NOT POSSIBLE)

    Weekend Wiki
    Keymaster
    That’s correct—if you are using Microsoft Entra ID (formerly Azure AD) accounts without on-premises domains and only Cloud Identity, enabling Single Sign-On (SSO) via Intune directly might not be possible in the traditional sense. However, there are still some alternative approaches to achieving an SSO-like experience for your users. Here’s a breakdown of your options:


    1. Using Microsoft Entra ID for Cloud-Only Environments

    • Even without on-premises domains, Microsoft Entra ID supports SSO for cloud apps.
    • Ensure applications are integrated with Microsoft Entra ID as their identity provider (IdP) through SAML, OAuth, or OpenID Connect.
    • Use the My Apps portal (https://myapps.microsoft.com) to give users one-click access to all linked applications.

    2. Configure Passwordless Authentication

    • Enabling passwordless authentication, such as Microsoft Authenticator App, Windows Hello, or FIDO2 security keys, can streamline logins for cloud services and enhance the user experience.

    3. Device-Based Conditional Access

    • Enforce Conditional Access Policies to ensure only trusted, compliant devices (registered in Entra ID and managed through Intune) can access corporate resources.
    • While this doesn’t provide traditional SSO, it ensures seamless authentication for compliant devices.

    4. Windows Autopilot Hybrid Join (Optional for Certain Use Cases)

    • If there’s a future need to integrate with on-premises AD without maintaining a full AD infrastructure, you can implement Windows Autopilot Hybrid Join using Azure-based domain services.
    • This would allow devices to have an identity in both Entra ID and Azure AD DS.

    5. Leverage Cloud Apps with Entra ID Native Support

    • Many third-party applications offer direct integration with Microsoft Entra ID for SSO, even in cloud-only environments.
    • Check if your apps are listed in the Azure AD Application Gallery and configure them for SSO.

    Would you like more specific steps on configuring these alternatives?

    For consulting email us at [email protected]
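
Option 3 above (device-based Conditional Access), as an added example that is not part of the original post: a Microsoft Graph PowerShell sketch that creates a report-only policy requiring an Intune-compliant device. The policy name and the excluded emergency-access group ID are placeholders chosen for illustration, and the Microsoft.Graph.Identity.SignIns module is assumed to be installed.

```powershell
# Added example: Conditional Access policy that requires a compliant device.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns).
Connect-MgGraph -Scopes 'Policy.Read.All',
                        'Policy.ReadWrite.ConditionalAccess',
                        'Application.Read.All'

# Placeholder: object ID of an emergency-access ("break glass") group that
# stays outside the policy so a misconfiguration cannot lock out every admin.
$breakGlassGroupId = '<emergency-access-group-object-id>'

$policy = @{
    # Constructed display name, not taken from the post.
    displayName = 'EXAMPLE - Require compliant device (report-only)'

    # Report-only: sign-ins are evaluated and logged, but nothing is blocked.
    # Switch to 'enabled' only after reviewing the sign-in logs.
    state = 'enabledForReportingButNotEnforced'

    conditions = @{
        users = @{
            includeUsers  = @('All')
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{
            includeApplications = @('All')
        }
        clientAppTypes = @('all')
    }

    grantControls = @{
        operator        = 'OR'
        # 'compliantDevice' = device is marked compliant by Intune.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back to confirm what the tenant actually stored.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object Id, DisplayName, State
```

Leaving the policy in report-only mode first shows which sign-ins would fail the compliance check before it is enforced.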
