RealWear Collaborate and Conditional Access
Customers who use Intune enrolment and Conditional Access policies may need to adjust their CA policy to allow device-code authentication.
From the Microsoft Conditional Access guidance documents: "When you use the device-code OAuth flow, the required grant control for the managed device or a device state condition isn't supported. This is because the device that is performing authentication can't provide its device state to the device that is providing a code. Also, the device state in the token is locked to the device performing authentication. Use the Require multifactor authentication control instead."
RealWear Collaborate employs the Device-Code OAuth flow to authenticate users on the headset, enhancing the sign-in experience. Users with Conditional Access must activate the 'Require Multifactor Authentication' option in their policies, along with 'Require Compliant Device' if necessary, as Microsoft advises in the quote above.
This setting can be adjusted in the GRANT section of your Conditional Access Policy.
Following this setup, the Device-Code Authentication flow will prioritize multifactor authentication over device compliance.
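To find which existing policies need this change, the following added example (not RealWear or Microsoft code) audits the Grant controls of exported Conditional Access policies. It assumes the policies are in the Microsoft Graph `conditionalAccessPolicy` JSON shape and, per the quote above, that a device-state control can never be satisfied in the device-code flow; the policy names and sample data are constructed.

```python
import json

# Grant controls that rely on device state, which the device-code flow cannot supply.
DEVICE_STATE_CONTROLS = {"compliantDevice", "domainJoinedDevice"}

def assess_policy(policy):
    """Classify one policy's Grant controls for a device-code sign-in."""
    if policy.get("state") != "enabled":
        return "not-enforced"          # disabled or report-only
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls") or [])
    if "block" in controls:
        return "block-policy"          # blocks every flow, out of scope here
    if not controls & DEVICE_STATE_CONTROLS:
        return "ok"                    # no device-state requirement at all
    # A device-state control is present. The sign-in can only succeed when
    # MFA is offered as an alternative ("require one of the selected controls").
    if grant.get("operator") == "OR" and "mfa" in controls:
        return "ok-mfa-alternative"
    return "needs-change"              # device state is mandatory or MFA is absent

def audit(policies_json):
    """Return {displayName: verdict} for a Graph-style policy list."""
    doc = json.loads(policies_json)
    return {p["displayName"]: assess_policy(p) for p in doc["value"]}

def _policy(name, state, operator, controls):
    return {"displayName": name, "state": state,
            "grantControls": {"operator": operator, "builtInControls": controls}}

# Constructed sample export (hypothetical policy names).
SAMPLE = json.dumps({"value": [
    _policy("Headsets - MFA or compliant", "enabled", "OR", ["mfa", "compliantDevice"]),
    _policy("All users - compliant only", "enabled", "OR", ["compliantDevice"]),
    _policy("Admins - MFA and compliant", "enabled", "AND", ["mfa", "compliantDevice"]),
    _policy("Pilot - hybrid join", "enabledForReportingButNotEnforced", "OR",
            ["domainJoinedDevice"]),
    _policy("Guests - MFA", "enabled", "OR", ["mfa"]),
]})

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{verdict:20} {name}")
```

Policies reported as `needs-change` are the ones to review in the Grant section before rolling out RealWear Collaborate sign-in.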
Link to the Microsoft article explaining device-code authentication flow and Conditional Access:
https://learn.microsoft.com/en-gb/entra/identity/conditional-access/concept-conditional-access-grant#require-microsoft-entra-hybrid-joined-device