Seb-2265 asked:

Azure AD - SAML - Intune - ismanaged attribute

Hi all,

Potentially it is a beginner's question, but I hope someone can give me a hint on where I have to look.

We have Azure AD and Intune as MDM. We have set up SAML with several applications. I need the ismanaged claim (http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged) in the SAML message as an attribute, so that I can create some security policies based on it in the connected application.

Do you have some information on where I have to start? Conditional Access?

Thank you in advance
Seb

Tags: azure-active-directory, azure-ad-saml-sso

Seb-2265 answered:

Hi all,

For all who have the same question or challenge: I found it out myself.

You have to add the following settings to your app manifest within App Registration on Azure:

    "optionalClaims": {
        "idToken": [],
        "accessToken": [],
        "saml2Token": [
            {
                "name": "is_device_managed",
                "source": null,
                "essential": true,
                "additionalProperties": []
            }
        ]
    },

Then the attribute "http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" will be populated in the SAML assertion when the device is managed.

Within our environment it only works with Edge/IE on desktop and Edge on iOS devices.

Hope that helps others as well.

Best regards
Seb
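The two steps from this answer, as an added example that is not part of the original post and not Microsoft's code: a helper that merges the optionalClaims entry above into an app-registration manifest, and the service-provider side check that reads the resulting ismanaged attribute out of the SAML assertion. It uses only the Python standard library; the manifest, the assertion XML and the GUIDs in it are constructed placeholders, and the function names are the example's own. It assumes the application's SAML library has already validated the response signature, audience and validity window before any attribute is consulted.

```python
"""Added example for the two steps in this thread: requesting the is_device_managed
optional claim in an Azure AD app manifest, and evaluating the resulting ismanaged
SAML attribute on the application (service-provider) side. Not Microsoft code."""
import copy
import json
import xml.etree.ElementTree as ET
from typing import Optional

# Attribute name from the thread; Azure AD only emits it for managed devices.
ISMANAGED_ATTR = "http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged"
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def add_is_device_managed_claim(manifest: dict) -> dict:
    """Return a copy of an app-registration manifest with the optionalClaims
    entry from the answer merged in. Idempotent, so re-running it does not
    duplicate the claim; other optional claims already present are kept."""
    result = copy.deepcopy(manifest)
    optional = result.get("optionalClaims") or {}
    optional.setdefault("idToken", [])
    optional.setdefault("accessToken", [])
    saml2 = optional.setdefault("saml2Token", [])
    if not any(claim.get("name") == "is_device_managed" for claim in saml2):
        saml2.append({
            "name": "is_device_managed",
            "source": None,
            "essential": True,
            "additionalProperties": [],
        })
    result["optionalClaims"] = optional
    return result


def saml_attributes(assertion_xml: str) -> dict:
    """Map attribute Name -> list of string values in a SAML 2.0 assertion.
    Assumption: the caller's SAML library has already verified the response
    signature, audience and validity window; attributes are untrusted before that."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iter("{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values
    return attrs


def device_is_managed(assertion_xml: str) -> Optional[bool]:
    """True/False when the ismanaged attribute is present; None when Azure AD
    omitted it (unmanaged device, or a browser that does not pass device state,
    as the answer notes for clients other than Edge/IE)."""
    values = saml_attributes(assertion_xml).get(ISMANAGED_ATTR)
    if not values:
        return None
    return values[0].strip().lower() in ("true", "1")


def allow_access(assertion_xml: str, require_managed: bool = True) -> bool:
    """Policy decision for the application: when a managed device is required,
    an absent claim fails closed instead of being treated as managed."""
    if not require_managed:
        return True
    return device_is_managed(assertion_xml) is True


# Constructed sample data (placeholder IDs, not real tenant or app values).
SAMPLE_MANIFEST = {
    "appId": "00000000-0000-0000-0000-000000000000",
    "optionalClaims": None,
}

_ASSERTION_TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2023-01-01T00:00:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
      <saml:AttributeValue>Example User</saml:AttributeValue>
    </saml:Attribute>{device_attr}
  </saml:AttributeStatement>
</saml:Assertion>"""

# Assertion as issued for a managed device, and one where the claim is absent.
MANAGED_ASSERTION = _ASSERTION_TEMPLATE.format(device_attr=f"""
    <saml:Attribute Name="{ISMANAGED_ATTR}">
      <saml:AttributeValue>true</saml:AttributeValue>
    </saml:Attribute>""")
UNMANAGED_ASSERTION = _ASSERTION_TEMPLATE.format(device_attr="")

if __name__ == "__main__":
    print(json.dumps(add_is_device_managed_claim(SAMPLE_MANIFEST)["optionalClaims"], indent=2))
    print("managed device allowed:", allow_access(MANAGED_ASSERTION))
    print("device without claim allowed:", allow_access(UNMANAGED_ASSERTION))
```

The policy function deliberately treats a missing attribute as "not managed": since Azure AD only adds the claim for managed devices, and the answer notes that some browsers never deliver it, an application that requires managed devices has to deny on absence rather than assume the best.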


Seb-2265 answered:

Hi,

thank you very much for your quick reply and the provided solution. I will give it a try.

In the claims reference I found the ismanaged claim in the section "SAML restricted claim set":
https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-claims-mapping-policy-type

Because of that I am asking myself when it will come into play.

Best regards
Seb
