Device authentication errors

What are the symptoms?

You get errors like "AADSTS50097" or "Device authentication is required".

What happens?

This error occurs when a conditional access policy applies to the resource you are accessing. The policy requires that the device from which the token is acquired be managed by the organization, and that MSAL.NET prove the device's identity.

The tenant admin applies this conditional access policy. For details, see "How To: Require managed devices for cloud app access with Conditional Access".

How to fix this?

To satisfy this requirement, you will have to use WAM on Windows or the system browser (Edge on Chromium). On mobile platforms, you'll need to enable the brokers (Microsoft Authenticator and Company Portal).
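
The Windows case above, sketched as an added example (not code from the MSAL.NET documentation): a public client routed through WAM, with the device-authentication failure surfaced explicitly. The class name, client ID, tenant ID and scope are placeholders, and the Microsoft.Identity.Client.Broker NuGet package is assumed to be referenced.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using Microsoft.Identity.Client.Broker; // NuGet: Microsoft.Identity.Client.Broker

public static class DeviceAuthExample // hypothetical class name
{
    // Placeholders (assumptions): use your own app registration values.
    private const string ClientId = "<your-client-id>";
    private const string TenantId = "<your-tenant-id>";
    private static readonly string[] Scopes = { "User.Read" };

    public static async Task<AuthenticationResult> AcquireTokenAsync(IntPtr parentWindow)
    {
        // Route authentication through WAM so the broker can present
        // the device identity that the conditional access policy requires.
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithDefaultRedirectUri()
            .WithBroker(new BrokerOptions(BrokerOptions.OperatingSystems.Windows))
            .Build();
        try
        {
            try
            {
                // Prefer a cached account; otherwise try the signed-in Windows account.
                IAccount account = (await app.GetAccountsAsync()).FirstOrDefault()
                                   ?? PublicClientApplication.OperatingSystemAccount;
                return await app.AcquireTokenSilent(Scopes, account).ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                // Silent acquisition was not possible: prompt through the broker,
                // parented to the caller's window.
                return await app.AcquireTokenInteractive(Scopes)
                    .WithParentActivityOrWindow(parentWindow)
                    .ExecuteAsync();
            }
        }
        catch (MsalServiceException ex) when (ex.Message.Contains("AADSTS50097"))
        {
            // Still rejected: the policy did not accept this device.
            throw new InvalidOperationException(
                "Device authentication is required; check that this device is managed by the organization.", ex);
        }
    }
}
```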