Conditional Access Policy with Device Filter issue

EnterpriseArchitect 5,516 Reputation points
2024-12-04T04:41:36.96+00:00

My Azure Tenant is already licensed with Entra ID Premium P1 and both my AD user account and Computer account is hybrid synched to Entra ID with Azure AD Connect.

I am having issue with configuring the Conditional Access Policy with Device Trust Filtering using the steps described in: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-condition-filters-for-devices#create-a-conditional-access-policy

User's imageDeviceFiltersdevice.trustType -eq "AzureAD" -or device.trustType -eq "ServerAD" -or device.trustType -eq "Workplace"Despite the Device can be verified as Join Type = 'Microsoft Entra hybrid joined'

From: https://entra.microsoft.com/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId/Devices

However, I am still getting these rejection or CA Policy Error:

User's image

Policy state: Enabled

Result: Failure

User's image

Your help and assistance will be greatly appreciated.

Thank you,

Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
446 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,390 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,365 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,644 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Rahul Jindal [MVP] 10,436 Reputation points MVP
    2024-12-04T07:08:24.0666667+00:00

    I noticed that the sign in log is against Firefox browser. Did you configure the browser extension to support conditional access policies?


  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    1 deleted comment

    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.