If you are authenticated to Azure/Office 365 in the same browser where you trigger the onboarding, it's expected that you don't need to authenticate again as the Office 365 authentication is used. That should not be related to if the computer is domain joined or not, but if the computer is Entra ID joined (formerly known as Azure AD) it may be that some browsers will auto-sign in to Office 365/Microsoft account.
I have not tested that myself, but I think with a Conditional Access policy in Entra ID, you could prevent that automatic sign in and enforce a multi-factor or re-login.
Note that Cloud Authentication and policy is designed for BYOD devices, if you have domain/Entra ID joined computers you probably would automate the onboarding process with group policies/Intune and use ClearPass or similar.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------