arunabhabhattacharya-3120 asked YuZhou-MSFT edited

Why is the signin_state flag missing from the JWT when the user has logged in from a Mac browser?

Goal: identify if a device is managed (Azure joined).
Approach: verify that the logged-in user's JWT has a claim signin_state with a flag dvc_mngd.

This works if the user signs in to Azure AD from a Windows system (Edge or Chrome), but if the user signs in to Azure AD from a Mac system (Safari or Chrome), we find the flag is missing in their JWT.

1. Do we need to configure anything in Azure AD so that this claim gets added, or is that a restriction for Mac?
2. If that is a restriction, is there any alternative way to know programmatically if the user has signed in to AAD from a managed device?

Thank you.
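
The check described in the question, as an added example that is not part of the original post: it reads `signin_state` from a token whose signature has already been validated elsewhere, and keeps "claim absent" (the Mac case reported above) distinct from "claim present without `dvc_mngd`". The function names, the constructed sample tokens, and the treatment of the claim as a JSON array of strings are assumptions.

```python
import base64
import json

MANAGED_FLAG = "dvc_mngd"  # the flag named in the question


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token; the signature is a placeholder."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([_b64url(header), _b64url(claims), "placeholder-signature"])


def read_claims(token: str) -> dict:
    """Decode the payload only. Signature, issuer and audience validation
    must already have happened; never authorize on an unverified token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def device_state(claims: dict) -> str:
    """Classify the token: 'managed', 'not-flagged', 'claim-absent'
    or 'claim-malformed'. Only 'managed' proves anything; the other
    three states should all be denied by a managed-device gate."""
    if "signin_state" not in claims:
        return "claim-absent"          # what the question sees on Mac
    state = claims["signin_state"]
    if isinstance(state, str):         # assumption: tolerate a bare string
        state = [state]
    if not isinstance(state, list):
        return "claim-malformed"
    return "managed" if MANAGED_FLAG in state else "not-flagged"


def is_managed(token: str) -> bool:
    return device_state(read_claims(token)) == "managed"
```

Logging the `device_state` result separately from the allow/deny decision shows how many sign-ins are denied because the claim was never issued rather than because the device lacks the flag.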


Don't know the answer here but I adjusted the tags for this question to better reflect where the problem may lie as it's unrelated to Intune (AAD joined/registered is not the same as being managed) and it's also unrelated to app registrations in AAD.


0 Answers