Avatar for Username

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Learn More

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

Thunderbird blocked by o365 Conditional Access - Does not supply required device ID

  • 2 antwoorden
  • 1 heeft dit probleem
  • 10 weergaven
  • Laatste antwoord van xdmarshallx

xdmarshallx
xdmarshallx
more options

Many Organizations and Schools are currently implementing conditional access policies in o365 which validate that clients are permitted to connect. Even on approved clients Thunderbird is blocked from connecting when o365 Conditional access policies are in place.

Thunderbird does not supply the required "DeviceID" in the token as part of the OAuth2 authentication process. As a result the client cannot be identified. This value is available on all windows machines and all AD joined MAC machines.

When connecting from a valid client Thunderbird is blocked from connecting and simply receives a popup error:

This application contains sensitive information and can only be accessed from: Devices and Client applications that meet <organizations> management compliance policy.

Under the "more details" section of the client popup the DeviceID information will show as blank indicating this information was not provided by the Thunderbird client. Similarly the O365 signin logs will show this information was not provided by the client and as a result it was blocked.

Is there any potential to have the Thunderbird OAuth2 authentication process updated to support providing DeviceID so its compatible with Conditional Access policies ?

Many Organizations and Schools are currently implementing conditional access policies in o365 which validate that clients are permitted to connect. Even on approved clients Thunderbird is blocked from connecting when o365 Conditional access policies are in place. Thunderbird does not supply the required "DeviceID" in the token as part of the OAuth2 authentication process. As a result the client cannot be identified. This value is available on all windows machines and all AD joined MAC machines. When connecting from a valid client Thunderbird is blocked from connecting and simply receives a popup error: ''This application contains sensitive information and can only be accessed from: Devices and Client applications that meet <organizations> management compliance policy.'' Under the "more details" section of the client popup the DeviceID information will show as blank indicating this information was not provided by the Thunderbird client. Similarly the O365 signin logs will show this information was not provided by the client and as a result it was blocked. Is there any potential to have the Thunderbird OAuth2 authentication process updated to support providing DeviceID so its compatible with Conditional Access policies ?

Alle antwoorden (2)

sfhowes
sfhowes
  • Top 25 Contributor
more options

I think you will get much better information on Bugzilla, which has a post that looks very much like the one above (perhaps the same poster).

https://bugzilla.mozilla.org/show_bug.cgi?id=1528136#c186

xdmarshallx
xdmarshallx Vraageigenaar
more options

Yes I have already opened a Bug there. Just posted here additionally in case anyone had already come across the issue.