New SaaS app blocked because device platform not recognized

Scenario

A newly onboarded application fails under Conditional Access because sign-ins do not present expected device conditions.

Recommended Resolution Path

1. Review how that app authenticates and whether it supports the same client claim model as other apps.
2. Test browser, desktop client, and mobile sign-ins separately.
3. Check sign-in logs for the exact grant control that fails.
4. Tune the policy intentionally for the app rather than broad weakening.

Technician Notes

Confirm the result, document the root cause, and record any preventative action worth standardizing.