Azure AD Conditional Access: AAD Joined / Compliant Device Detection - How does it work under the hood?

Tobi Kr 26 Reputation points

Hi all,

we do work quite often with these grant controls :

In one of our projects, our client is using a self-developed web app that calls multiple Azure Functions with AAD Authentication. Although they are using edge, the browser/computer is not detected as Azure AD Hybrid Joined when using this self-developed app. Other Portals/Apps like do work as expected and the browser/computer is detected as AAD Hybrid Joined. I guess the browser has to sent a specific header to AAD. Is there any SDK or documentation to enable custom developed apps to work with these Conditional Access Grant Controls?


Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,211 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Tobi Kr 26 Reputation points

    Just found the answer: during oAuth Access token request the app has to use "Conditional Access authentication contexts":

    0 comments No comments

  2. Sandeep G-MSFT 15,341 Reputation points Microsoft Employee

    @Tobi Kr

    In your scenario, edge browser is not sending the device information is because while oauth access token request, application has to use conditional access authentication context.

    You can refer below article to get more information on "Developer guide to Conditional Access authentication context".

    Do let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.