Views:
Applies to Product - Dynamics 365 Supply Chain Management

What’s happening?
The customer is experiencing issues accessing the Dynamics 365 warehouse application due to Conditional Access policies that require device joining. The application is utilizing device code authentication, which is not supported under these Conditional Access requirements.
 
Reason:
The device code authentication flow does not support the required grant control for managed devices or device state conditions. This limitation arises because the device performing the authentication cannot provide its device state to the device that is providing the code. Consequently, the device state in the token is locked to the device performing the authentication.
 
Resolution:
To resolve this, the Conditional Access policy must be configured without the "Joined" device control. Alternatively, the application can be configured to use a different authentication method, such as Username/Password authentication with broker support. This requires setting the UseBroker parameter to true, which enables single sign-on (SSO) authentication through supported systems. If the application continues to show authorization issues after these changes, further investigation outside the scope of Conditional Access may be necessary.