Hello @Son ,
Thank you for reaching out to the Microsoft Q&A platform. Since this is a test environment, I would request that you take the following into consideration:
- If you are testing on a HAADJ device using a test user, make sure of the following:
  - If using Edge, it requires your test user to be signed in to the browser to properly pass device identity. Otherwise, it behaves like Chrome without the account's extension. This sign-in might not occur automatically in a hybrid device join scenario.
  - If using Chrome, version 111+ is supported for device-based Conditional Access, but "CloudApAuthEnabled" needs to be enabled.
  - Do not use an InPrivate/Incognito session or disable cookies, as the device check fails if the browser is running in private mode or if cookies are disabled, and the device would be reflected as an unmanaged device in the Microsoft Entra ID sign-in logs.

If you make sure the above pre-checks are met, your device identity should be passed to Entra ID during auth, and Conditional Access should evaluate the device as HAADJ.
I hope this answer helps to resolve your issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
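
The following PowerShell sketch is an added example, not part of the original answer. It checks two of the pre-checks above on the test device: the hybrid join state reported by `dsregcmd /status`, and the Chrome policy value. It assumes the Chrome policy is delivered through the registry under `SOFTWARE\Policies\Google\Chrome`; the function name `Get-DsregValue` is hypothetical.

```powershell
# Added example: local pre-checks for device-based Conditional Access on a HAADJ device.
# Run in the test user's session on the device being tested.

function Get-DsregValue {
    param([string[]]$Lines, [string]$Name)
    # dsregcmd /status prints lines such as "    AzureAdJoined : YES"
    $pattern = '^\s*' + [regex]::Escape($Name) + '\s*:\s*(\S+)'
    foreach ($line in $Lines) {
        if ($line -match $pattern) { return $Matches[1] }
    }
    return $null   # field not present in the output
}

$status       = & dsregcmd.exe /status
$aadJoined    = Get-DsregValue -Lines $status -Name 'AzureAdJoined'
$domainJoined = Get-DsregValue -Lines $status -Name 'DomainJoined'

# HAADJ means the device is joined to both the on-premises domain and Entra ID.
$isHaadj = ($aadJoined -eq 'YES') -and ($domainJoined -eq 'YES')

# Assumption: the Chrome policy is set through the registry (GPO or MDM),
# in either the machine or the user hive. Value names are case-insensitive.
$chromePolicy = $null
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key  = Join-Path $hive 'SOFTWARE\Policies\Google\Chrome'
    $item = Get-ItemProperty -Path $key -Name 'CloudApAuthEnabled' -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $chromePolicy = $item.CloudApAuthEnabled
        break
    }
}

[pscustomobject]@{
    AzureAdJoined             = $aadJoined
    DomainJoined              = $domainJoined
    HybridJoined              = $isHaadj
    ChromeCloudApAuthEnabled  = ($chromePolicy -eq 1)
}
```

The Edge profile sign-in and the private-mode/cookie conditions are browser session state and are not covered by this script; confirm them in the browser and in the Entra ID sign-in logs.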