365 Apps not reporting Device ID or Join Type

FrezaLc 1 Reputation point
2021-10-02T16:50:53.55+00:00

Hi all,

This issue is happening on a brand new install of an RDS 2016 server with out-of-the-box setup and minimal configuration for seamless SSO.

The device is hybrid Azure AD joined, users get a PRT, and silent SSO works fine via Edge/Chrome/IE.

The 365 apps for enterprise are not reporting device ID or join type to Azure, which is causing my CA policy to fail. It's set to require either a compliant or a hybrid Azure AD joined device to grant access.

The device filter (exception) is also failing because no device ID is reported.

See photo below

This is the result that is passed to Azure during silent SSO on an RDS 2016 server.

Device info:

Device ID: BLANK

Browser: Rich Client v3.4.1.35249

This is the CA policy:

Cloud apps: Office 365

Conditions: any device

Location: any

Client apps: mobile apps/desktop clients

Grant access:

Require device to be compliant

or

Require hybrid Azure AD joined device.

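Added example, not part of the original thread: Python that triages exported sign-in records for the symptom described in the question, listing sign-ins that carry no device ID and checking each record against the "compliant or hybrid Azure AD joined" grant control. Field names follow the Microsoft Graph signIn resource; the sample records and the set of hybrid trust labels are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample sign-in records (not taken from the thread).
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "user1@example.com", "clientAppUsed": "Browser",
  "appDisplayName": "Office 365 SharePoint Online",
  "deviceDetail": {"deviceId": "00000000-0000-0000-0000-000000000001",
                   "isCompliant": false, "trustType": "ServerAd"}},
 {"userPrincipalName": "user1@example.com",
  "clientAppUsed": "Mobile Apps and Desktop clients",
  "appDisplayName": "Office 365 Exchange Online",
  "deviceDetail": {"deviceId": "", "isCompliant": null, "trustType": ""}},
 {"userPrincipalName": "user2@example.com",
  "clientAppUsed": "Mobile Apps and Desktop clients",
  "appDisplayName": "Office 365 Exchange Online",
  "deviceDetail": {"deviceId": null, "trustType": null}},
 {"userPrincipalName": "user3@example.com",
  "clientAppUsed": "Mobile Apps and Desktop clients",
  "appDisplayName": "Office 365 Exchange Online",
  "deviceDetail": {"deviceId": "00000000-0000-0000-0000-000000000002",
                   "isCompliant": true, "trustType": "AzureAd"}}
]""")

# Assumption: labels under which a hybrid join may appear in an export.
HYBRID_LABELS = {"serverad", "hybrid azure ad joined"}

def has_device_id(record):
    detail = record.get("deviceDetail") or {}
    return bool((detail.get("deviceId") or "").strip())

def device_grant_satisfied(record):
    """Grant control from the post: compliant OR hybrid Azure AD joined."""
    if not has_device_id(record):
        return False  # blank Device ID: neither control can be met
    detail = record["deviceDetail"]
    trust = (detail.get("trustType") or "").strip().lower()
    return detail.get("isCompliant") is True or trust in HYBRID_LABELS

def triage(signins):
    """Return sign-ins lacking a device ID and a count of them per client app."""
    missing = [s for s in signins if not has_device_id(s)]
    return missing, Counter(s.get("clientAppUsed", "unknown") for s in missing)

if __name__ == "__main__":
    missing, per_client = triage(SAMPLE_SIGNINS)
    for s in missing:
        print(s["userPrincipalName"], s["clientAppUsed"], s["appDisplayName"])
    print(dict(per_client))
```

Grouping by client app separates browser sign-ins that present a device identity from desktop-client sign-ins that do not, which is the split the question reports.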

11 answers

  1. Limitless Technology 39,371 Reputation points
    2021-10-05T18:29:49.153+00:00

  2. FrezaLc 1 Reputation point
    2021-10-19T20:40:41.25+00:00

    Still looking for an answer to this solution.

    Microsoft as always cannot pull their act together and reproduce this in a test environment to give me a definite answer.

    Instead I have a new engineer assigned every 2 days.
    Literally, 10+ different engineers so far (suspecting all just first point of contact, no real "engineer experience" or from proper department) have been assigned to the ticket.

    I am not going to speak of their efficiency as this topic speaks of it. The ticket has been open for a month.


  3. FrezaLc 1 Reputation point
    2021-10-21T20:09:26.43+00:00

    This is the official response from MS, see below. They did not open a ticket for a whole month with the appropriate department to actually look into this because I would have to pay for this ticket to be processed normally.

    See this answer:

    "My adviser mentioned that by design RDS servers cannot be compliant with Azure AD.

    To sum up, your issue could be either by design or misconfiguration within your environment."

    So an RDS server cannot be compliant, and then it could be by design or misconfiguration? Which one is it?

    Also, this is happening on two different environments with minimal configuration, so I know it's not misconfiguration.


  4. FrezaLc 1 Reputation point
    2021-11-01T21:07:18.947+00:00

    Bumping this up in case someone encounters this issue, which eventually they will.

    Microsoft offered free tech support here to save face.
    However, in private emails they state that the ticket is pretty much worthless. It does not apply to the department which can reproduce the issue so moot.


  5. Igor Fasano 1 Reputation point
    2022-08-04T17:01:20.137+00:00

    I'm facing exactly the same issue. The conditional access is set to allow only hybrid joined computers, but Outlook on Windows 10 does not connect, and in the sign-in logs the Join Type is empty. All other services are working fine except Outlook.
