365 Apps not returning Device ID or Join Type


Hi all,

This issue is happening on a brand new install of an RDS 2016 server with out-of-the-box setup and minimal configuration for Seamless SSO.

The device is hybrid Azure AD joined, users get a PRT, and silent SSO works fine via Edge/Chrome/IE.

The 365 Apps for enterprise are not returning the device ID or join type, which is causing my CA policy to fail. It's set to require either a compliant or a hybrid Azure AD joined device to grant access.

The device filter (exception) is also failing because no device ID is reported.

This is the result that is passed to Azure during silent SSO on an RDS 2016 server.

Device info:

Device ID: BLANK
Browser: Rich Client v3.4.1.35249

This is the CA policy:

Cloud apps: Office 365
Conditions: any device
Location: any
Client apps: mobile apps/desktop clients

Grant access:

Require device to be compliant
or
Require hybrid Azure AD joined device.
