AzureAD OpenID Connect JWT "platf" claim value

Mike Borkenstein 1 Reputation point

I am setting up an application that will use AzureAD as an OpenID Connect IDP for authentication. I want to know if the authenticating device is an AzureAD "managed" or "compliant" device at the application level by checking the returned JWT access token. There is an optional "platf" JWT claim that can be configured on the AzureAD SSO application dashboard and is described as "Restricted to managed devices that can verify device type". I enabled the claim and observed it is a number in the access JWT token returned by AzureAD. I assume it maps to an enum; however, I cant find any documentation about what status each integer indicates. Has anyone used this claim or know what it represents? Or perhaps a different method of determining if the authenticating device is AzureAD managed?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,723 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Saurabh Sharma 17,366 Reputation points Microsoft Employee

    I am checking on this internally with the products team and update you with my findings.

    1 person found this answer helpful.

  2. Saurabh Sharma 17,366 Reputation points Microsoft Employee

    @Mike Borkenstein Sorry for the delay, we have received the confirmation this claim is for platform (internal) use only, and you should not take a dependency on it in your applications. We'll be removing it from the article, thanks for bringing this to our attention. Reference: GitHub issue