Activity Details: Sign-ins in Azure AD Sign-In Logs do not display Device Id when logged in using a Xamarin WebView Mobile Application as Edge Browser; we use SSO

Chandrakala Vaprani 0 Reputation points
2023-02-09T19:50:13.2933333+00:00

Azure Sign In Logs - Device-Info

Developer technologies | .NET | Xamarin
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Akshay-MSFT 17,961 Reputation points Microsoft Employee Moderator
    2023-03-03T07:52:49.8366667+00:00

    @Chandrakala Vaprani

    Thank you for providing details on the ask. As you mentioned, your app is using WebView to authenticate the user through Azure AD. There would be the following reasons for it on an Android device:

    • Your application is not integrated with Microsoft broker apps.
    1. On Android, the Microsoft Authentication Broker is a component that's included in the Microsoft Authenticator and Intune Company Portal apps.
    2. Integrating with a broker provides the following benefits:
       - Device SSO
       - Conditional Access for: Intune App Protection, Device Registration (Join Type), MDM state (Managed)
       - Device-wide Account Management via Android AccountManager & Account Settings
       - "Work Account" - custom account type
    3. As per WebView:

      When using the in-app WebView, the user signs in directly to the app. The tokens are kept inside the sandbox of the app and aren't available outside the app's cookie jar. As a result, the user can't have SSO experience across applications unless the apps integrate with the Authenticator or Company Portal.

    Suggestion: Kindly follow "Enable cross-app SSO on Android using MSAL" for integrating your app with the Microsoft Authentication Broker.

    • If the above condition is met, then the other issue could be that the application is running outside the work profile after being enrolled in Intune.
    1. When the application is signed in within the work profile container on an Android device, it authenticates via the broker application, hence device information (device ID, join type etc.) is ingested through the session. On Azure AD, the device information is ingested.
    2. When the application is signed in outside the work profile container on an Android device, it does not use the broker app for authentication, hence device information (device ID, join type etc.) is not ingested through the session.

    Please do let me know if you have any further queries in the comments section.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.

    3 people found this answer helpful.
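As an added example, not code from the question or the answer, here is what the broker integration the answer recommends looks like in MSAL.NET for a Xamarin.Android app: the non-broker configuration (sign-in in the app's own WebView, no device information in the sign-in log) beside the broker configuration, plus the activity hook the broker needs. `<CLIENT_ID>`, `<TENANT_ID>`, the package name `com.example.app` and `<SIGNATURE_HASH>` are placeholders.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Android.App;
using Android.Content;
using Microsoft.Identity.Client;

// Added example; <CLIENT_ID>, <TENANT_ID>, com.example.app and <SIGNATURE_HASH> are placeholders.
public static class AuthConfig
{
    const string ClientId  = "<CLIENT_ID>";
    const string Authority = "https://login.microsoftonline.com/<TENANT_ID>";
    static readonly string[] Scopes = { "User.Read" };

    public static IPublicClientApplication Build(bool useBroker)
    {
        var builder = PublicClientApplicationBuilder.Create(ClientId).WithAuthority(Authority);
        // Without the broker the sign-in runs in the app's own WebView: tokens stay in the
        // app sandbox and Azure AD records no Device ID / Join Type for the session.
        if (!useBroker)
            return builder.WithRedirectUri($"msal{ClientId}://auth").Build();
        // With the broker, Authenticator / Company Portal supplies the device registration,
        // so device ID, join type and MDM state appear on the sign-in. The redirect URI must
        // use the broker format msauth://<package name>/<Base64 URL-encoded signature hash>.
        return builder.WithRedirectUri("msauth://com.example.app/<SIGNATURE_HASH>").WithBroker().Build();
    }

    public static async Task<AuthenticationResult> SignInAsync(IPublicClientApplication app, Activity activity)
    {
        var account = (await app.GetAccountsAsync()).FirstOrDefault();
        try
        {   // Silent first: with the broker this is where cross-app SSO comes from.
            return await app.AcquireTokenSilent(Scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            return await app.AcquireTokenInteractive(Scopes)
                .WithParentActivityOrWindow(activity)   // required for the broker hand-off
                .ExecuteAsync();
        }
    }
}

// The broker returns through the hosting activity; without this override the
// interactive call never completes.
[Activity(MainLauncher = true)]
public class MainActivity : Activity
{
    protected override void OnActivityResult(int requestCode, Result resultCode, Intent data)
    {
        base.OnActivityResult(requestCode, resultCode, data);
        AuthenticationContinuationHelper.SetAuthenticationContinuationEventArgs(requestCode, resultCode, data);
    }
}
```

After switching to `Build(useBroker: true)` and signing in from the work profile, the Azure AD sign-in entry should show the Device ID and Join Type that the answer describes as missing from the WebView path.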
