This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
My Azure Tenant is already licensed with Entra ID Premium P1 and both my AD user account and Computer account is hybrid synched to Entra ID with Azure AD Connect.
I am having issue with configuring the Conditional Access Policy with Device Trust Filtering using the steps described in: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-condition-filters-for-devices#create-a-conditional-access-policy
DeviceFiltersdevice.trustType -eq "AzureAD" -or device.trustType -eq "ServerAD" -or device.trustType -eq "Workplace"Despite the Device can be verified as Join Type = 'Microsoft Entra hybrid joined'
From: https://entra.microsoft.com/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId/Devices
However, I am still getting these rejection or CA Policy Error:
Policy state: Enabled
Result: Failure
Your help and assistance will be greatly appreciated.
Thank you,
I noticed that the sign in log is against Firefox browser. Did you configure the browser extension to support conditional access policies?
Hi @Rahul Jindal ,
the users are using multiple Type of browsers like Edge, Chrome and FireFox.
so how do I configure the CAP to allow the above ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 51%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Thank you for posting your query on Microsoft Q&A.
I understand that your Conditional Access Policy is not applied on your device. The users are using multiple type of browsers like Edge, Chrome and Firefox.
You need to configure the browser extension to support conditional access policies.
For Edge the user profile should be synced to the device.
If you are using Firefox browser, use the following extension: Windows SSO setting
If the device is using Chrome browser, set up the following extension: Windows 10 Accounts
Follow the document for more information: https://learn.microsoft.com/en-us/entra/identity/devices/concept-primary-refresh-token
Hope this helps. Do let us know if you have any further queries.
Thanks,
B. Siri Chandana.
@Anonymous ,
Thank you, so in this case with Microsoft Edge Browser, if the user is using Personal account signed in the Device filtering will not work properly?
So the user must be login using the Work account or the Entra ID / Hybrid account?
Yeah, for the Hybrid Azure AD joined devices, you have to sign in with your work or school account and not with personal user account.
If you sign in to the Hybrid Azure AD joined devices with personal user account, then in that device, PRT will not be there, so obviously Device ID will not pass.
Hope this helps. Do let us know if you have any further queries.
Thanks,
B. Siri Chandana.
I got this error on my MS Edge Browser when signing in using my corporate office account:
Hi @EnterpriseArchitect
I understand that you are facing an error while signing your account.
Open Command Prompt in your device, type dsregcmd/status. Send me the output screenshot.
Like this one:
C:\>dsregcmd/status
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : YES
DomainName : 13CABS
Virtual Desktop : NOT SET
Device Name : CORP-LPT01.office.com
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : YES
AzureAdPrtUpdateTime : 2024-12-05 09:06:23.000 UTC
AzureAdPrtExpiryTime : 2024-12-19 09:06:33.000 UTC
AzureAdPrtAuthority : https://login.microsoftonline.com/0e38730c-f9b8-4d07-9f70-46b518bde035
EnterprisePrt : NO
EnterprisePrtAuthority :
OnPremTgt : YES
CloudTgt : YES
KerbTopLevelNames : .windows.net,.windows.net:1433,.windows.net:3342,.azure.net,.azure.net:1433,.azure.net:3342
I understand that you are facing issue while signing into account.
Try to Clear Cache and Cookies and try to sign in Incognito Mode.
Click on "Other Profiles" -> "Set up a new work profile".
Follow the document for more information: https://answers.microsoft.com/en-us/microsoftedge/forum/all/how-do-i-resolve-this-is-not-a-personal-account/b226695f-5e59-47bf-809a-f46ca62085fa
Hi @EnterpriseArchitect
Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.
Hi @EnterpriseArchitect
Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
1 deleted commentComments have been turned off. Learn more