This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 77%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDR%3C/text%3E%3C/svg%3E)
Sign-In logs show the user is using a non-compliant device, however the device IS compliant.
Sign-in log is also void of the Device ID in this specific log, so it's as if after signing in to the phone app that is SSO'd the deny message says they must use Edge or Safari, but the users are using Safari when they get the message...
The user is using a browser that does not support device identification so the device state is unknown. Access to the resource requires a compliant device. To see a list of browsers that support device identification, see https://docs.microsoft.com/azure/active-directory/conditional-access/technical-reference#supported-browsers
Device ID
Browser
Mobile Safari 16.2
Operating System
iOS 16
Compliant
No
Managed
No
Join Type
UPDATE: As a work around I've removed the Compliant Device requirement for iOS and it works without issue. My assumption is the iOS app is using an embedded Safari browser that for some reason can't play with Conditional Access, however that is a HUGE issue because out LastPass is federated/SSO. Works fine for BYOD Android I might add IF its through the Work Profile.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 81%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHH%3C/text%3E%3C/svg%3E)
have the same Problem with different apps on iPhone:
Microsoft Teams.
Microsoft Froms.
Microsoft Outlook
device IS compliant but Conditional access says, not it is not.
User logged in different devices same Problem.
MFA deleted and logged in again. same problem.
open Support ticket on Microsoft, and after 100 Meeting, same Problem.
did someone find a solution?
Ive never seen this with Microsoft apps. Is it everyone or just a few random people? Can you share the CA policy and show what part of the CA policy is failing from Sign-Ins?
Ive had new issues pop up due to the "MFA strengths" option. Seems the Passwordless option breaks a lot of app sign-ins. But its the apps that use embedded chrome/safari browsers.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 94%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECA%3C/text%3E%3C/svg%3E)
Conditional Access ist for Office Apps but for someone works Teams corecctly but Forms does not or OUtlook does not
sorry its me, just with other Username
Interesting, here's my setup. I have Compliant OR Hybrid because we have an AVD infrastructure, so that won't apply to you.
But maybe your conditions are causing it, that's the only difference. Unless your Grant is something besides "Require Device be marked as compliant"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 0%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPF%3C/text%3E%3C/svg%3E)
Did you ever get this resolved, we are seeing the same thing, devices marked as non compliant when trying to sign in via outlook, etc yet the device IS compliant. The grant control just has "require compliant device", nothing special.
Microsoft seems unable to figure this one out :(
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 71%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOI%3C/text%3E%3C/svg%3E)
i don't actually see any answer
i don't actually see any answersWe have ipads being shown in logs as MAC OS, which we block with Conditional Access.
Additionally, even though made an exception for compliant devices , the device appears an Unknown