365 Apps not reporting Device ID or Join Type

FrezaLc 1 Reputation point
2021-10-02T16:50:53.55+00:00

Hi all,

This issue is happening on a brand new install of an RDS 2016 server with out-of-the-box setup and minimal configuration for seamless SSO.

The device is hybrid Azure AD joined, users get a PRT, and silent SSO works fine via Edge/Chrome/IE.

The 365 apps for enterprise are not reporting device ID or join type to Azure, which is resulting in my CA policy failing. It's set to require either a compliant or a hybrid Azure AD joined device to grant access.

The device filter (exception) is also failing because no device ID is reported.

See photo below
137097-1.png

This is the result that is passed to Azure during silent SSO on an RDS 2016 server.

Device info:

Device ID: BLANK
Browser: Rich Client v3.4.1.35249

This is the CA policy:

Cloud apps: Office 365
Conditions: any device
Location: any
Client apps: mobile apps/desktop clients
Grant access: Require device to be compliant, or require hybrid Azure AD joined device.


11 answers

  1. Silvester Bosman 1 Reputation point
    2022-08-13T03:20:45.74+00:00

    Also the same issue here.
    Enabled Conditional Access, based upon Device ID.
    However, Office365 apps like Teams on both Windows and Android (not sure about iOS) don't report Device ID or Join type.
    It's using Chrome when authenticating the user to Office365, and Chrome doesn't send along these details.

    I solved it on Windows by using the Windows Accounts plugin on Chrome, but this is not an option on Android.

    Is there a way to fix this?

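A triage sketch for the symptom described in this thread, added here as an example; it is not code from either poster or from Microsoft. It groups exported sign-in records by whether Conditional Access failed and whether a device ID was reported, so the affected app and client combinations stand out. The records are constructed, the field names are assumed to follow the Microsoft Graph signIn resource (`deviceDetail.deviceId`, `clientAppUsed`, `conditionalAccessStatus`), and `classify` and `triage` are hypothetical helper names.

```python
from collections import Counter, defaultdict

# Constructed sample records (not real tenant data). Field names are assumed to
# follow the Microsoft Graph signIn resource; all values are made up.
SAMPLE_SIGNINS = [
    {"appDisplayName": "Microsoft Teams", "clientAppUsed": "Mobile Apps and Desktop clients",
     "conditionalAccessStatus": "failure",
     "deviceDetail": {"deviceId": "", "trustType": "", "browser": "Rich Client v3.4.1.35249"}},
    {"appDisplayName": "Microsoft Teams", "clientAppUsed": "Mobile Apps and Desktop clients",
     "conditionalAccessStatus": "failure",
     "deviceDetail": {"deviceId": "", "trustType": "", "browser": "Rich Client v3.4.1.35249"}},
    {"appDisplayName": "Office 365 SharePoint Online", "clientAppUsed": "Browser",
     "conditionalAccessStatus": "success",
     "deviceDetail": {"deviceId": "00000000-0000-0000-0000-000000000001",
                      "trustType": "Hybrid Azure AD joined", "browser": "Edge 94.0"}},
    {"appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Browser",
     "conditionalAccessStatus": "failure",
     "deviceDetail": {"deviceId": "00000000-0000-0000-0000-000000000002",
                      "trustType": "Azure AD registered", "browser": "Chrome 94.0"}},
]

def classify(signin):
    """Label one sign-in by CA outcome and whether a device ID was reported."""
    detail = signin.get("deviceDetail") or {}   # deviceDetail may be null
    has_id = bool((detail.get("deviceId") or "").strip())
    failed = signin.get("conditionalAccessStatus") == "failure"
    if failed and not has_id:
        return "ca-failed-no-device-id"   # the symptom from this thread
    if failed:
        return "ca-failed-device-known"   # device reported; check compliance/join state
    return "device-known" if has_id else "no-device-id-not-blocked"

def triage(signins):
    """Count sign-ins per label, keyed by (app, client app type, browser)."""
    report = defaultdict(Counter)
    for s in signins:
        detail = s.get("deviceDetail") or {}
        key = (s.get("appDisplayName"), s.get("clientAppUsed"), detail.get("browser"))
        report[classify(s)][key] += 1
    return report

if __name__ == "__main__":
    for label, groups in triage(SAMPLE_SIGNINS).items():
        for key, count in groups.most_common():
            print(f"{label:26} {count:3}  {' / '.join(map(str, key))}")
```

Separating the two failure labels distinguishes clients that send no device identity at all from devices that are identified but do not satisfy the grant controls.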