Goal: identify if a device is managed (Azure joined).
Approach: verify that the logged-in user's JWT has a claim signin_state with a flag dvc_mngd.
This works if the user signs in to Azure AD from a Windows system (Edge or Chrome), but if the user signs in to Azure AD from a Mac system (Safari or Chrome), we find the flag is missing from their JWT.
Questions:
1. Do we need to configure anything in Azure AD so that this claim gets added, or is that a restriction for Mac?
2. If that is a restriction, is there any alternative way to know programmatically whether the user has signed in to AAD from a managed device?
Thank you.
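The claim check described in the question, as an added example (not code from the original post): it reads the signin_state claim from a token payload and deliberately distinguishes "claim absent" (the Mac case above) from "claim present without dvc_mngd". The value names dvc_mngd, dvc_cmp and kmsi, the list shape of signin_state, and the constructed sample tokens are assumptions; signature verification is assumed to have been done by your auth library before this runs.

```python
import base64
import json

# Tri-state result: a missing claim must not be read as "not managed",
# because some sign-in paths simply do not emit signin_state.
MANAGED = "managed"
NOT_MANAGED = "not_managed"
UNKNOWN = "unknown"


def _decode_segment(segment: str) -> dict:
    """Base64url-decode one JWT segment and parse it as JSON."""
    padded = segment + "=" * (-len(segment) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def jwt_payload(token: str) -> dict:
    """Return the payload claims of a compact JWS (header.payload.signature).

    No signature check is done here; it is assumed to have happened already.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return _decode_segment(parts[1])


def device_management_state(claims: dict) -> str:
    """Classify a token as managed / not_managed / unknown from signin_state.

    Assumed shape: signin_state is a list of strings such as "dvc_mngd"
    (device managed), "dvc_cmp" (device compliant) or "kmsi".
    """
    state = claims.get("signin_state")
    if state is None:
        return UNKNOWN            # the claim was never issued for this sign-in
    if isinstance(state, str):    # tolerate a single value instead of a list
        state = [state]
    return MANAGED if "dvc_mngd" in state else NOT_MANAGED


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for local testing only."""
    def enc(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f'{enc({"alg": "none", "typ": "JWT"})}.{enc(claims)}.placeholder'
```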