Flow
Hybrid user (with TGT) ➡ Request service ticket from KDC ➡ KDC sign a service ticket with AZUREADSSOACC$ account ➡ Send service ticket to Cloud server ➡ Verified and can access services
Hybrid user (with TGT) ➡ Request service ticket from KDC ➡ KDC sign a service ticket with AZUREADSSOACC$ account ➡ Send service ticket to Cloud server ➡ Verified and can access services