- Article
What are the symptoms?
You get errors like "AADSTS50097" or "Device authentication is required".
What happens?
This error happens when a conditional access policy is applied to the resource you are accessing, which required that the device from which the token is acquired be managed by the organization, and that MSAL.NET proves this identity.
This is a conditional access policy applied by the tenant admin. For details see How To: Require managed devices for cloud app access with Conditional Access
How to fix this?
To satisfy this requirement you will have to leverage WAM on Windows or the system browser. On mobile platforms, you'll need to enable the brokers (Microsoft Authenticator and Company portal)
- If you are writing a desktop application running on Windows, see WAM integration for Desktop applications.
- On iOS and Android, we recommend enabling the authentication broker
- The same principles apply to Web Applications, though given you are in a browser you must leverage a browser which can "talk to" WAM (that is either Edge on Chromium or Chrome with the Microsoft Entra extensions). For details see Conditional access conditions.