arunabhabhattacharya-3120 asked YuZhou-MSFT edited

Why is the signin_state flag missing in the JWT when the user has logged in from a Mac browser?

Goal: identify if a device is managed (Azure joined).
Approach: verify that the logged-in user's JWT has a claim signin_state with a flag dvc_mngd.

This works if the user signs in to Azure AD from a Windows system (Edge or Chrome), but if the user signs in to Azure AD from a Mac system (Safari or Chrome), then we find the flag is missing in their JWT.

Questions:
1. Do we need to configure anything in Azure AD so that this claim gets added, or is that a restriction for Mac?
2. If that is a restriction, then is there any alternative way to know programmatically if the user has signed in to AAD from a managed device?

Thank you.

Tags: azure-ad-saml-sso, azure-ad-authentication-protocols
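
The check described in the question, as an added example that is not part of the original post: it decodes the JWT payload and reports a missing signin_state claim separately from one that is present without dvc_mngd, so the caller can decide how to treat each case. The function names and sample tokens are constructed for illustration, and the sketch assumes the token's signature has already been validated elsewhere.

```python
import base64
import json

MANAGED_FLAG = "dvc_mngd"  # flag named in the question


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a compact JWT.

    Assumption: signature validation is done before this is called.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def device_state(claims: dict) -> str:
    """Return 'managed', 'not_asserted' or 'claim_missing'."""
    if "signin_state" not in claims:
        return "claim_missing"  # the Mac case reported in the question
    state = claims["signin_state"]
    # Accept either a single string or a list of flags.
    flags = [state] if isinstance(state, str) else list(state or [])
    return "managed" if MANAGED_FLAG in flags else "not_asserted"


def make_sample_token(claims: dict) -> str:
    """Constructed sample token with a placeholder signature (demo only)."""
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.placeholder-signature"


# Constructed samples: "example_flag" is a made-up second value.
WINDOWS_TOKEN = make_sample_token(
    {"sub": "user-1", "signin_state": ["dvc_mngd", "example_flag"]})
MAC_TOKEN = make_sample_token({"sub": "user-1"})

if __name__ == "__main__":
    for name, tok in (("windows", WINDOWS_TOKEN), ("mac", MAC_TOKEN)):
        print(name, device_state(jwt_claims(tok)))
```

Keeping claim_missing distinct from not_asserted means an absent claim is not silently read as an unmanaged device, or as a managed one.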

Don't know the answer here but I adjusted the tags for this question to better reflect where the problem may lie as it's unrelated to Intune (AAD joined/registered is not the same as being managed) and it's also unrelated to app registrations in AAD.


0 Answers