Forum Discussion

Jordy Blommaert's avatar
Jordy Blommaert
Copper Contributor
Aug 27, 2019

Conditional Access Policy require domain joined device error

A lot of our customers are complaining about the Require Domain Joined device feature in Azure Active Directory. We've configured Hybrid Azure AD through AAD Connect. Devices are now Hybrid Azure AD ...
Conditional Access
Steve Hernou's avatar
Steve Hernou
Iron Contributor
Aug 29, 2019

Jordy Blommaert , you mention that you have 'some' ca policies so I am assuming more than 1 apply when a user signs in. Have you looked at the sign in logs for an affected user in Azure AD? Look for a successful and a failed one. When you click on it, a window will open from the bottom up, there's a tab there that reads 'Conditional Access'. That should give you some hints as to which CA policy is causing the block and might help in figuring out what's going on.

 

  • Jordy Blommaert's avatar
    Jordy Blommaert
    Copper Contributor
    Aug 29, 2019

    Steve Hernou We already checked this. We've created some seprate policies one is when the user used the browser and the other one is when the users uses a client app.

    The requirement is that the device is Hybrid Azure AD joined in both scenario's.

    We have cases where Outlook, Sharepoint, etc. is successfull that he knows that the PC is Hybrid Azure AD joined but if the user uses Power BI that the connection is blocked because that same PC is not Hybrid Azure AD joined.

    A little remark is that there are also PC's that are used by multiple users for example in the Production Fabric.

Resources