device authentication errors

Device authentication errors

What are the symptoms?

You get errors like "AADSTS50097" or "Device authentication is required".

What happens?

This error happens when a conditional access policy is applied to the resource you are accessing, which required that the device from which the token is acquired be managed by the organization, and that MSAL.NET proves this identity.

This is a conditional access policy applied by the tenant admin.

How to fix this?

To satisfy this requirement you will have to leverage WAM on Windows or the system browser (Edge on Chromium).

If you are writing a desktop application, see WAM integration for Desktop applications.
On iOS and Android, just use the broker
The same principles apply to Web Applications, though given you are in a browser you must leverage a browser which can “talk to” WAM (that is either Edge on Chromium or Chrome with the Azure AD extensions. For details see Conditional access conditions | Chrome support

Getting started with MSAL.NET

device authentication errors

Device authentication errors

What are the symptoms?

What happens?

How to fix this?

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!