Azure AD provides a registered device with an identity and authenticates the device when the user signs in. Once the device is authenticated, its identity and attributes can be used to enforce Conditional Access policies for applications.
The PingFederate server authenticates the user, and the device is then registered in Azure AD. Combined with a mobile device management (MDM) solution such as Microsoft Intune, the device's attributes in Azure AD are updated with additional information about the device. This lets you create Conditional Access rules that require devices to meet your security and compliance standards. This configuration also supports Windows Hello for Business.
If you have an on-premises Active Directory environment, you can join your domain-joined devices to Azure AD by configuring hybrid Azure AD-joined devices, and you can configure Windows devices to register with Azure AD automatically. Windows current devices use the active STS (WS-Trust) flow for Azure AD device registration, whereas Windows down-level devices use the passive (WS-Federation) flow, so the federation-service configuration required for each differs.
Windows current devices are:
- Windows 10
- Windows Server 2016
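Once the federation and automatic-registration configuration above is in place, the practical question is whether a given Windows current device actually completed hybrid Azure AD join and whether the user's sign-in through PingFederate produced a Primary Refresh Token (PRT). The following PowerShell is an added example written for this page; it is not code from the original article, from Microsoft, or from Ping Identity. It assumes `dsregcmd.exe` is available (it ships with Windows 10 and Windows Server 2016) and relies on the `AzureAdJoined`, `DomainJoined` and `AzureAdPrt` fields that `dsregcmd /status` prints; the sample status text embedded at the end is constructed, not captured from a real device.

```powershell
# Added example (not from the original page): check whether a Windows current
# device (Windows 10 / Windows Server 2016) completed hybrid Azure AD join.
# Assumes dsregcmd.exe is present and that the device is already domain-joined.
# Field names are the ones dsregcmd prints in its "Device State" and
# "SSO State" sections.

function Get-DsregStatus {
    param(
        # Optional: pre-captured "dsregcmd /status" text, e.g. collected from
        # another machine. When omitted, dsregcmd is run on this machine.
        [string[]]$StatusText
    )
    if (-not $StatusText) {
        $StatusText = & dsregcmd.exe /status
    }
    $state = @{}
    foreach ($line in $StatusText) {
        # Lines look like "  AzureAdJoined : YES"; section headers and
        # "+----" separators do not match and are skipped.
        if ($line -match '^\s*([A-Za-z0-9 \-\.]+?)\s*:\s*(.*\S)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-HybridAzureAdJoin {
    param([hashtable]$State)

    $result = [pscustomobject]@{
        DomainJoined   = ($State['DomainJoined']  -eq 'YES')
        AzureAdJoined  = ($State['AzureAdJoined'] -eq 'YES')
        TenantName     = $State['TenantName']
        DeviceId       = $State['DeviceId']
        # A PRT is only issued after the user authenticated (through
        # PingFederate for a federated domain), so it is the clearest sign
        # that the registration and sign-in flow completed end to end.
        AzureAdPrt     = ($State['AzureAdPrt'] -eq 'YES')
        IsHybridJoined = $false
        Advice         = ''
    }
    $result.IsHybridJoined = $result.DomainJoined -and $result.AzureAdJoined

    if (-not $result.DomainJoined) {
        $result.Advice = 'Device is not domain-joined; hybrid join requires an on-premises AD join first.'
    } elseif (-not $result.AzureAdJoined) {
        $result.Advice = 'Registration has not completed; verify the federation service exposes the active (WS-Trust) endpoints Windows current devices use, then run "dsregcmd /debug".'
    } elseif (-not $result.AzureAdPrt) {
        $result.Advice = 'Device is registered but no PRT was issued; sign out and back in, then re-check.'
    } else {
        $result.Advice = 'Hybrid Azure AD joined and the user holds a PRT; device-based Conditional Access rules will apply.'
    }
    return $result
}

# Constructed sample output (not captured from a real device) so the parser
# and the check can be exercised without running dsregcmd:
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CORP
                  DeviceId : 00000000-0000-0000-0000-000000000000
                TenantName : Contoso

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : YES
'@ -split "`r?`n"

Test-HybridAzureAdJoin -State (Get-DsregStatus -StatusText $sample) | Format-List

# On the device itself, run the live check instead:
# Test-HybridAzureAdJoin -State (Get-DsregStatus) | Format-List
```

Run the live form in the context of the signed-in user, not an elevated administrative session, since the `SSO State` section (and therefore `AzureAdPrt`) reflects the user whose token the command reads. A device that reports `DomainJoined : YES` but `AzureAdJoined : NO` after a sign-in is the typical symptom of a federation service that does not expose the active WS-Trust endpoints, which is the Windows current device case described above.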