Why is the signin_state flag missing from the JWT when a user has logged in from a Mac browser?

arunabha bhattacharya 181 Reputation points
2021-09-14T13:10:54.237+00:00

Goal: identify if a device is managed (Azure joined).
Approach: verify that the logged-in user's JWT has a claim signin_state with a flag dvc_mngd.

This works if the user signs in to Azure AD from a Windows system (Edge or Chrome), but if the user signs in to Azure AD from a Mac system (Safari or Chrome), we find the flag is missing in their JWT.

Questions:

  1. Do we need to configure anything in Azure AD so that this claim gets added, or is that a restriction for Mac?
  2. If that is a restriction, is there any alternative way to know programmatically if the user has signed in to AAD from a managed device?

Thank you.

Microsoft Entra ID
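An added example, not part of the original post: the check described in the question, written so that a token with no `signin_state` claim (the Mac case reported above) is reported separately from a token that carries the claim without `dvc_mngd`. It assumes the token's signature, issuer and audience were already validated elsewhere; the function names are hypothetical and the sample tokens are constructed and unsigned.

```python
import base64
import json

MANAGED_FLAG = "dvc_mngd"  # flag named in the question


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a compact JWT. Performs NO signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def device_state(token: str) -> str:
    """Return 'managed', 'not_flagged' or 'claim_absent' for a validated token."""
    claims = jwt_claims(token)
    if "signin_state" not in claims:
        return "claim_absent"  # no statement about the device at all
    state = claims["signin_state"]
    if isinstance(state, str):
        flags = [state]  # tolerate a single string value
    elif isinstance(state, list):
        flags = state
    else:
        flags = []  # unexpected type: treat as carrying no flags
    return "managed" if MANAGED_FLAG in flags else "not_flagged"


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed input, for the demo only)."""
    def enc(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


# Constructed samples: "example_other_flag" is a placeholder, not a real value.
WINDOWS_SAMPLE = constructed_token(
    {"sub": "user-a", "signin_state": ["dvc_mngd", "example_other_flag"]})
MAC_SAMPLE = constructed_token({"sub": "user-a"})

if __name__ == "__main__":
    for name, tok in (("windows", WINDOWS_SAMPLE), ("mac", MAC_SAMPLE)):
        print(name, device_state(tok))
```

A caller making an access decision should treat both `claim_absent` and `not_flagged` as "not proven managed" and log them separately, so the missing-claim case stays visible.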