Many Organizations and Schools are currently implementing conditional access policies in o365 which validate that clients are permitted to connect. Even on approved clients Thunderbird is blocked from connecting when o365 Conditional access policies are in place. Thunderbird does not supply the required "DeviceID" in the token as part of the OAuth2 authentication process. As a result the client cannot be identified. This value is available on all windows machines and all AD joined MAC machines. When connecting from a valid client Thunderbird is blocked from connecting and simply receives a popup error: ''This application contains sensitive information and can only be accessed from: Devices and Client applications that meet <organizations> management compliance policy.'' Under the "more details" section of the client popup the DeviceID information will show as blank indicating this information was not provided by the Thunderbird client. Similarly the O365 signin logs will show this information was not provided by the client and as a result it was blocked. Is there any potential to have the Thunderbird OAuth2 authentication process updated to support providing DeviceID so its compatible with Conditional Access policies ?