AzureAD OpenID Connect JWT "platf" claim value

Mike Borkenstein 1 Reputation point
2020-04-22T17:46:18.47+00:00

I am setting up an application that will use AzureAD as an OpenID Connect IDP for authentication. I want to know if the authenticating device is an AzureAD "managed" or "compliant" device at the application level by checking the returned JWT access token. There is an optional "platf" JWT claim that can be configured on the AzureAD SSO application dashboard and is described as "Restricted to managed devices that can verify device type". I enabled the claim and observed it is a number in the access JWT token returned by AzureAD. I assume it maps to an enum; however, I can't find any documentation about what status each integer indicates. Has anyone used this claim or know what it represents? Or perhaps a different method of determining if the authenticating device is AzureAD managed?
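The following is an added example, not code from the question or from Microsoft, showing how an application on the receiving end of such a token can verify it and then keep an undocumented claim like "platf" out of its authorization decisions. Everything in it is constructed: the signing key, the tenant id, the issuer and audience strings, the claim values (including the `platf` integer), and the use of HS256 instead of the RS256 that Azure AD actually signs with, so that it runs with the standard library alone. The `TRUSTED_CLAIMS` set is this example's own policy, not an Azure AD list.

```python
"""Verify a JWT, then split its claims into the ones the application may act on
and the ones it may only log. Constructed example; not Microsoft's code."""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Policy of this hypothetical app: only standard JWT/OIDC claims drive decisions.
# "platf" is deliberately absent, since it is undocumented / internal to the IdP.
TRUSTED_CLAIMS = {"iss", "aud", "exp", "iat", "nbf", "sub", "oid", "tid", "scp"}

# Constructed demo values (placeholder tenant id, not a real secret or app).
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
DEMO_ISS = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"
DEMO_AUD = "api://constructed-example-app"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_token(claims: dict, key: bytes) -> str:
    """Build a demo token. Real Azure AD tokens are RS256; HS256 keeps this
    example dependency-free."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_hs256_token(token: str, key: bytes, issuer: str, audience: str,
                       now: Optional[float] = None) -> dict:
    """Check signature, issuer, audience and expiry; return the payload or
    raise ValueError. The alg is pinned so an attacker cannot pick it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    if claims.get("aud") != audience:
        raise ValueError("audience mismatch")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def token_error(token: str, key: bytes, issuer: str, audience: str,
                now: Optional[float] = None) -> Optional[str]:
    """Convenience wrapper: None when the token verifies, else the reason."""
    try:
        verify_hs256_token(token, key, issuer, audience, now)
        return None
    except ValueError as exc:
        return str(exc)


def partition_claims(claims: dict) -> Tuple[Dict, Dict]:
    """Split verified claims into actionable ones and informational ones.
    Anything outside TRUSTED_CLAIMS (e.g. "platf") goes to the second dict,
    which the app may log but never branch on."""
    trusted = {k: v for k, v in claims.items() if k in TRUSTED_CLAIMS}
    informational = {k: v for k, v in claims.items() if k not in TRUSTED_CLAIMS}
    return trusted, informational


def demo(now: float = 1_600_000_000) -> Tuple[Dict, Dict]:
    """Issue a constructed token carrying a "platf" claim and process it."""
    claims = {"iss": DEMO_ISS, "aud": DEMO_AUD, "sub": "constructed-subject",
              "iat": now, "exp": now + 3600, "platf": 3}  # 3 is a made-up value
    token = make_hs256_token(claims, DEMO_KEY)
    return partition_claims(verify_hs256_token(token, DEMO_KEY, DEMO_ISS,
                                               DEMO_AUD, now=now))
```

Running `demo()` returns the "platf" value only in the informational dict, so a reviewer can see at a glance that no authorization path reads it; swapping the HMAC check for RS256 verification against the tenant's published JWKS is the only change needed to use this against real tokens.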

Azure Active Directory

2 answers

  1. Saurabh Sharma 17,366 Reputation points Microsoft Employee
    2020-04-23T00:59:02.88+00:00

    I am checking on this internally with the products team and will update you with my findings.

    1 person found this answer helpful.

  2. Saurabh Sharma 17,366 Reputation points Microsoft Employee
    2020-08-27T19:18:47.153+00:00

    @Mike Borkenstein Sorry for the delay. We have received confirmation that this claim is for platform (internal) use only, and you should not take a dependency on it in your applications. We'll be removing it from the article; thanks for bringing this to our attention. Reference: GitHub issue