I have ADFS 3.0 with DRS and workplace join configured. When a claim is sent to ADFS, I don't see any deviceContext claims and thus can't leverage "IsRegisteredUser" when setting up claim rules.
I need to block non-workplace-joined machines from accessing Outlook. I see no device context claims, and I need to see the following for my rules to work:
http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname
http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier
http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype
http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion
http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged
http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser
I am only seeing the following for a user in the logs:
http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy
servername
http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path
/adfs/services/trust/2005/usernamemixed
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant
2016-05-31T18:46:30.196Z
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod
http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password
http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork
false
http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id
00000000-0000-0000-1d00-0080000000ea
http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip
10.121.70.63
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/implicitupn
user@domain.com
Caller identity:
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
S-1-5-32-545
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
S-1-1-0
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
S-1-5-21-1277709984-551343178-3051178080-513
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid
S-1-5-21-1277709984-551343178-3051178080-513
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
user@domain.com
http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip
IP here
http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip
IP here
http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip
multiple IP's
http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application
Microsoft.Exchange.Mapi
http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent
Microsoft Office/15.0 (Windows NT 6.1; Microsoft Outlook 15.0.4815; Pro)
Caller identity:
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
domain\user
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
domain\user
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid
S-1-5-21-1277709984-551343178-3051178080-39855
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
S-1-18-1
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
S-1-5-21-823518204-1547161642-1417001333-64421
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
S-1-5-21-1277709984-551343178-3051178080-36788
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
S-1-5-21-1277709984-551343178-3051178080-1146
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
S-1-5-15
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
S-1-5-11
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
S-1-5-2
Any help in trying to find why the device claims are not being seen is appreciated.