I was trying to use a Conditional Access policy to enforce MFA on devices that are not hybrid Azure AD joined.
It seems to be working fine for connections from client apps, but I'm having trouble with connections from browsers.
- A minority of sign-in attempts from the Edge browser on correctly hybrid-joined devices are lacking any "Device ID" info in the AAD sign-in logs, and so those sign-ins are prompted for MFA.
- Most, but not all, of the connections from other browsers (Chrome, Firefox) on correctly hybrid-joined devices are lacking the device ID. Some Chrome browsers seem to have it, though.
What is the rule there? Are we forced to work with Edge in this scenario? What would cause my Edge sign-ins to not have the device ID?
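Added example (not part of the question above): a small Python triage script for the pattern the poster describes, run over an export of the sign-in logs. It tallies, per browser family, how many sign-ins arrived without a device ID and how many of those were pushed to MFA, lists the Edge sign-ins that lack a device ID, and flags users who signed in from a browser both with and without one (a hint that the device can present its identity and the misses are per browser session rather than per device). The records are constructed here; their field names follow the Microsoft Graph `signIn` resource (`deviceDetail.deviceId`, `deviceDetail.browser`, `deviceDetail.trustType`, `clientAppUsed`, `authenticationRequirement`) as I recall them, so treat the exact names as an assumption and check them against a real export from `/auditLogs/signIns` before relying on the output.

```python
"""Triage Entra ID (Azure AD) sign-in log records for sign-ins that carry no device ID.

Sample records below are constructed for this example. Field names are assumed to
match the Microsoft Graph `signIn` resource; verify against a real export.
"""
import json
from collections import defaultdict

# Constructed sample sign-ins (not real tenant data). GUIDs are placeholders.
SAMPLE_SIGNINS = [
    {"id": "s1", "userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser",
     "deviceDetail": {"deviceId": "2b6d7a3e-0000-4000-8000-000000000001", "browser": "Edge 120.0.0",
                      "operatingSystem": "Windows 11", "trustType": "Hybrid Azure AD joined"},
     "authenticationRequirement": "singleFactorAuthentication"},
    {"id": "s2", "userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser",
     "deviceDetail": {"deviceId": "", "browser": "Edge 120.0.0",
                      "operatingSystem": "Windows 11", "trustType": ""},
     "authenticationRequirement": "multiFactorAuthentication"},
    {"id": "s3", "userPrincipalName": "bob@contoso.example", "clientAppUsed": "Browser",
     "deviceDetail": {"deviceId": "", "browser": "Chrome 120.0.0",
                      "operatingSystem": "Windows 10", "trustType": ""},
     "authenticationRequirement": "multiFactorAuthentication"},
    {"id": "s4", "userPrincipalName": "carol@contoso.example", "clientAppUsed": "Browser",
     "deviceDetail": {"deviceId": "2b6d7a3e-0000-4000-8000-000000000003", "browser": "Chrome 120.0.0",
                      "operatingSystem": "Windows 11", "trustType": "Hybrid Azure AD joined"},
     "authenticationRequirement": "singleFactorAuthentication"},
    {"id": "s5", "userPrincipalName": "bob@contoso.example", "clientAppUsed": "Browser",
     "deviceDetail": {"deviceId": "", "browser": "Firefox 121.0",
                      "operatingSystem": "Windows 10", "trustType": ""},
     "authenticationRequirement": "multiFactorAuthentication"},
    {"id": "s6", "userPrincipalName": "alice@contoso.example", "clientAppUsed": "Mobile Apps and Desktop clients",
     "deviceDetail": {"deviceId": "2b6d7a3e-0000-4000-8000-000000000001", "browser": "",
                      "operatingSystem": "Windows 11", "trustType": "Hybrid Azure AD joined"},
     "authenticationRequirement": "singleFactorAuthentication"},
]

KNOWN_BROWSERS = ("Edge", "Chrome", "Firefox", "Safari")


def load_signins(path):
    """Load a JSON export: either a bare list or a Graph envelope {"value": [...]}."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    return data["value"] if isinstance(data, dict) else data


def browser_family(record):
    """Map deviceDetail.browser (e.g. 'Edge 120.0.0') to a family; native apps get their own bucket."""
    name = (record.get("deviceDetail") or {}).get("browser") or ""
    first = name.split(" ")[0]
    if not first:
        return "Native client" if record.get("clientAppUsed") != "Browser" else "Unknown browser"
    return first if first in KNOWN_BROWSERS else "Other"


def has_device_id(record):
    """True when the sign-in carried a device identity (deviceDetail.deviceId non-empty)."""
    return bool((record.get("deviceDetail") or {}).get("deviceId"))


def required_mfa(record):
    """True when the sign-in was required to satisfy MFA."""
    return record.get("authenticationRequirement") == "multiFactorAuthentication"


def summarize(records):
    """Per browser family: total sign-ins, sign-ins lacking a device ID, and how many of those hit MFA."""
    out = defaultdict(lambda: {"total": 0, "no_device_id": 0, "no_device_id_mfa": 0})
    for rec in records:
        bucket = out[browser_family(rec)]
        bucket["total"] += 1
        if not has_device_id(rec):
            bucket["no_device_id"] += 1
            if required_mfa(rec):
                bucket["no_device_id_mfa"] += 1
    return dict(out)


def edge_anomalies(records):
    """IDs of Edge sign-ins with no device ID: the case the question asks about."""
    return [r["id"] for r in records if browser_family(r) == "Edge" and not has_device_id(r)]


def users_with_mixed_results(records):
    """Users whose browser sign-ins sometimes carry a device ID and sometimes do not.

    Such users are on a device that can present its identity, so the misses are
    worth examining per browser session rather than by re-checking the device join.
    """
    seen = defaultdict(set)
    for rec in records:
        if rec.get("clientAppUsed") == "Browser":
            seen[rec["userPrincipalName"]].add(has_device_id(rec))
    return sorted(user for user, flags in seen.items() if flags == {True, False})


if __name__ == "__main__":
    for family, counts in sorted(summarize(SAMPLE_SIGNINS).items()):
        print(f"{family:15} {counts}")
    print("Edge sign-ins without device ID:", edge_anomalies(SAMPLE_SIGNINS))
    print("Users with mixed results:", users_with_mixed_results(SAMPLE_SIGNINS))
```

Point `load_signins` at a JSON export (for example the response of `GET https://graph.microsoft.com/v1.0/auditLogs/signIns`) instead of `SAMPLE_SIGNINS` to run it on real data. For a user the script flags as mixed, the next check is on the device itself: `dsregcmd /status` shows whether the device is joined (`AzureAdJoined`) and whether it currently holds a Primary Refresh Token (`AzureAdPrt`); a sign-in from a browser that cannot pass the PRT along will arrive without a device ID regardless of the join state.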