Activity Details: Sign-ins in Azure AD Sign In Logs does not display Device Id when logged in using Xamarin Webview Mobile Application as Edge Browser, We use SSO

Question

Activity Details: Sign-ins in Azure AD Sign In Logs does not display Device Id when logged in using Xamarin Webview Mobile Application as Edge Browser, We use SSO

Chandrakala Vaprani 0

Azure Sign In Logs - Device-Info

Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 50,126 Reputation points Microsoft External Staff

2023-02-13T08:20:16.4966667+00:00

Your issue is similar to this one: [Sign-In with Edge (and Chrome with the Windows 10 Accounts extension) Conditional Access - no Device ID](https://learn.microsoft.com/en-us/answers/questions/297661/sign-in-with-edge-(and-chrome-with-the-windows-10). Would it be helpful for you?

Your prompt will be highly appreciated.
Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator

2023-02-24T10:49:41.75+00:00

@Chandrakala Vaprani Just checking in to see if above information was helpful or not. If you have any further updates on this issue, please feel free to post back.
Chandrakala Vaprani 0 Reputation points

2023-03-01T13:51:00.62+00:00
@Givary-MSFT , No the above information was not useful. Here are more details of the issue.

We have a Angular website , which has a log in page , after user enters username on the log in page it is redirected to SSO and when he successfully log ins , we can see Device information in Azure Sign In logs Device Info - this is when user browse this site using chrome or edge browser in Android mobile device or browsers on Windows 10 machine.

We are rendering this website using a Xamarin forms WebView in our mobile application , when same log in is done using a WebView mobile application we do not get Device Id and and also it says device is not complaint or managed,

We have registered the Mobile device in intune, and in Azure it shows 2 records for same device under Devices , it shows join Type as "Azure AD Registered" and Not "Hybrid AD joined" . Is this the reason we do not get Device Details in Azure?

We also implemented MSAL for Android App following steps given in below link (section - Add Authentication to the App) https://learn.microsoft.com/en-us/azure/developer/mobile-apps/azure-mobile-apps/quickstarts/xamarin-forms/authentication?pivots=vs2022-windows

I will be grateful for any help you can provide.
Chandrakala Vaprani 0 Reputation points

2023-03-01T13:55:30.09+00:00

I will be grateful for any help you can provide.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

1 answer

Your answer

Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 50,126 Reputation points Microsoft External Staff

2023-02-13T08:20:16.4966667+00:00

Your issue is similar to this one: [Sign-In with Edge (and Chrome with the Windows 10 Accounts extension) Conditional Access - no Device ID](https://learn.microsoft.com/en-us/answers/questions/297661/sign-in-with-edge-(and-chrome-with-the-windows-10). Would it be helpful for you?

Your prompt will be highly appreciated.
Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator

2023-02-24T10:49:41.75+00:00

@Chandrakala Vaprani Just checking in to see if above information was helpful or not. If you have any further updates on this issue, please feel free to post back.
Chandrakala Vaprani 0 Reputation points

2023-03-01T13:51:00.62+00:00

@Givary-MSFT , No the above information was not useful. Here are more details of the issue.

We have a Angular website , which has a log in page , after user enters username on the log in page it is redirected to SSO and when he successfully log ins , we can see Device information in Azure Sign In logs Device Info - this is when user browse this site using chrome or edge browser in Android mobile device or browsers on Windows 10 machine.

We are rendering this website using a Xamarin forms WebView in our mobile application , when same log in is done using a WebView mobile application we do not get Device Id and and also it says device is not complaint or managed,

We have registered the Mobile device in intune, and in Azure it shows 2 records for same device under Devices , it shows join Type as "Azure AD Registered" and Not "Hybrid AD joined" . Is this the reason we do not get Device Details in Azure?

We also implemented MSAL for Android App following steps given in below link (section - Add Authentication to the App) https://learn.microsoft.com/en-us/azure/developer/mobile-apps/azure-mobile-apps/quickstarts/xamarin-forms/authentication?pivots=vs2022-windows

I will be grateful for any help you can provide.
Chandrakala Vaprani 0 Reputation points

2023-03-01T13:55:30.09+00:00

I will be grateful for any help you can provide.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 1

@Chandrakala Vaprani

Thank you for providing details on ask. As you mentioned that your app is using WebView to authenticate the user through Azure AD. There would be following reasons for it on Android device:

Your application is not integrated with Microsoft broker apps.

On Android, the Microsoft Authentication Broker is a component that's included in the Microsoft Authenticator and Intune Company Portal apps.
Integrating with a broker provides the following benefits: Device SSO Conditional Access for: Intune App Protection, Device Registration (Join Type) , MDM state (Managed) Device-wide Account Management via Android AccountManager & Account Settings and "Work Account" - custom account type
As per WebView

When using the in-app WebView, the user signs in directly to the app. The tokens are kept inside the sandbox of the app and aren't available outside the app's cookie jar. As a result, the user can't have SSO experience across applications unless the apps integrate with the Authenticator or Company Portal.

Suggestion: Kindly follow Enable cross-app SSO on Android using MSAL for integration your app with Microsoft Authentication Broker

If above condition is met then other issue could be if application is running outside work profile after being enrolled to Intune.

When application is signed in within work profile container on Android device, it authenticates via broker application, hence device information (device ID, join type etc.) is ingested through the session. On Azure AD device information is ingested:
When application is signed in outside work profile container on Android device, it does not use broker app for authentication, hence device information (device ID, join type etc.) is are not ingested through the session.

User's image

Please do let me know if you have any further queries in the comments section.

Thanks,

Akshay Kaushik

Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.

Akshay-MSFT 17,961 Reputation points Microsoft Employee Moderator

2023-03-13T05:41:54.4566667+00:00

@Chandrakala Vaprani ,

Hope you got a chance to review the answer posted above. I request that you would kindly re-take the survey for your experience on this thread.

However, if your issue remains unresolved, please let us know how we can assist. We are here to help you and strive to make your experience better and greatly value your feedback. Looking forward to your reply. Much appreciate your feedback!

Thanks,

Akshay Kaushik

Share via

Activity Details: Sign-ins in Azure AD Sign In Logs does not display Device Id when logged in using Xamarin Webview Mobile Application as Edge Browser, We use SSO

1 answer

Your answer