Why is the signin_state flag missing from the JWT when a user has logged in from a Mac browser?
arunabha bhattacharya
Goal: identify if a device is managed (Azure joined).
Approach: verify that the logged-in user's JWT has a claim signin_state with a flag dvc_mngd.
This works if the user signs in to Azure AD from a Windows system (Edge or Chrome), but if the user signs in to Azure AD from a Mac system (Safari or Chrome), we find the flag is missing from their JWT.
Question:
- Do we need to configure anything in Azure AD so that this claim gets added, or is that a restriction for Mac?
- If that is a restriction, is there any alternative way to know programmatically if the user has signed in to AAD from a managed device?
Thank you.
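
The check described in the question, as an added example that is not part of the original post. It separates "claim absent" (the Mac sign-ins described) from "claim present without dvc_mngd" and fails closed on both. Assumptions: signin_state arrives as a list of strings, the function names are hypothetical, and the tokens are unsigned samples constructed here, so signature, issuer and audience validation is left to the application's JWT library.

```python
import base64
import json

MANAGED_FLAG = "dvc_mngd"  # flag named in the question


def make_constructed_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token (placeholder header and signature)."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"e30.{body}.constructed-signature"


def decode_payload(token: str) -> dict:
    """Decode the payload segment only. Signature, issuer and audience validation
    must already have been done by the application's JWT library."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWT")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def device_state(claims: dict) -> str:
    """Return 'managed', 'not_asserted' (claim present, flag absent) or
    'unknown' (claim missing or malformed, as in the Mac sign-ins described)."""
    value = claims.get("signin_state")
    if isinstance(value, str):  # assumption: tolerate a single string value
        value = [value]
    if not isinstance(value, list):
        return "unknown"
    return "managed" if MANAGED_FLAG in value else "not_asserted"


def allow_managed_only(token: str) -> bool:
    """Fail closed: only an explicit dvc_mngd flag grants access."""
    return device_state(decode_payload(token)) == "managed"


# Constructed sample tokens: one carrying the flag, one with the claim absent.
WINDOWS_TOKEN = make_constructed_token({"sub": "user-a", "signin_state": ["dvc_mngd"]})
MAC_TOKEN = make_constructed_token({"sub": "user-a"})
```

Logging the "unknown" result separately from "not_asserted" shows how many sign-ins lack the claim entirely, as opposed to carrying it without the managed flag.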