Entra ID: Register device upon login

[dmulder]

Is there an existing issue for this?

• I have searched the existing issues and found none that matched mine

Describe the issue

Enrollment into Entra Id is documented here:
https://github.com/himmelblau-idm/aad-join-spec/releases/download/0.02/aad-join-spec.pdf

Why are you still only performing unenrolled authentication?

Steps to reproduce

Send an enrollment request to the MS DRS service, then cache the resulting signed certificate, cert key, and transport key. These can then be used to fetch a PRT (https://learn.microsoft.com/en-us/entra/identity/devices/concept-primary-refresh-token) and perform SSO.

System information and logs

NA

Double check your logs

• I have redacted any sensitive information from the logs

[adombeck]

So, to finally follow-up on this: First, thanks for reaching out about this, @dmulder! Entra ID device enrollment has indeed been on our list of features we want to support for a long time. I did some prototyping back in March, and was able to successfully use libhimmelblau from authd to perform device enrollment. We plan to finish this work up and get it merged in the next few weeks.

We didn't track this work in GitHub ourselves yet, so I'm going to repurpose this issue for that.