You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/conditional-access/concept-conditional-access-conditions.md
+5-2Lines changed: 5 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -107,15 +107,18 @@ This setting works with all browsers. However, to satisfy a device policy, like
107
107
| Windows 10 + | Microsoft Edge, [Chrome](#chrome-support), [Firefox 91+](https://support.mozilla.org/kb/windows-sso)|
108
108
| Windows Server 2022 | Microsoft Edge, [Chrome](#chrome-support)|
109
109
| Windows Server 2019 | Microsoft Edge, [Chrome](#chrome-support)|
110
-
| iOS | Microsoft Edge, Safari |
110
+
| iOS | Microsoft Edge, Safari (see the notes) |
111
111
| Android | Microsoft Edge, Chrome |
112
112
| macOS | Microsoft Edge, Chrome, Safari |
113
113
114
114
These browsers support device authentication, allowing the device to be identified and validated against a policy. The device check fails if the browser is running in private mode or if cookies are disabled.
115
115
116
116
> [!NOTE]
117
-
> Edge 85+ requires the user to be signed in to the browser to properly pass device identity. Otherwise, it behaves like Chrome without the accounts extension. This sign-in might not occur automatically in a Hybrid Azure AD Join scenario.
117
+
> Edge 85+ requires the user to be signed in to the browser to properly pass device identity. Otherwise, it behaves like Chrome without the accounts extension. This sign-in might not occur automatically in a Hybrid Azure AD Join scenario.
118
+
>
118
119
> Safari is supported for device-based Conditional Access, but it can not satisfy the **Require approved client app** or **Require app protection policy** conditions. A managed browser like Microsoft Edge will satisfy approved client app and app protection policy requirements.
120
+
> On iOS with 3rd party MDM solution only Microsoft Edge browser supports device policy.
121
+
>
119
122
> [Firefox 91+](https://support.mozilla.org/kb/windows-sso) is supported for device-based Conditional Access, but "Allow Windows single sign-on for Microsoft, work, and school accounts" needs to be enabled.
120
123
121
124
#### Why do I see a certificate prompt in the browser
0 commit comments