We have encountered an issue: when we try to obtain an access token for the Graph API using IWA, we get an error saying that the VDI is not domain joined: {"AADSTS53001: Device is not in required device state: domain_joined. Conditional Access policy requires a domain joined device, and the device is not domain joined.}
As I understand it, the device is domain joined, as this screenshot shows. I can provide more information from dsregcmd /status if needed.
The users that are trying to generate the token are all federated.
The code that we are trying to use:
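```csharp
using System;
using Microsoft.Identity.Client;

// ApplicationInfo is our own type; clientId, appName, authority, tenantId and _app are defined elsewhere.
ApplicationInfo appInfo = new ApplicationInfo()
{
    ApplicationId = clientId,
    ApplicationName = appName,
    ApplicationVersion = "1.0.0"
};
// Rebuild the authority as https://<host>/<tenantId>.
var authorityUri = new Uri(authority);
authority = String.Format("https://{0}/{1}", authorityUri.Host, tenantId);
_app = PublicClientApplicationBuilder.Create(appInfo.ApplicationId)
    .WithAuthority(authority)
    .WithDebugLoggingCallback()
    .WithDefaultRedirectUri()
    .Build();
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
// Integrated Windows Authentication (IWA) flow; .Result blocks until the request completes.
String accessToken = _app.AcquireTokenByIntegratedWindowsAuth(scopes).ExecuteAsync().Result.AccessToken;
```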