In my test environment, I have created an ADFS 3.0 infrastructure to test out the Workplace Join feature set. I have been able to successfully "workplace join" both an iOS device and a Windows 10 machine. The objects themselves exist inside of active directory. I turned on the "Device Authentication" check box under the global authentication policies but I must still be missing something.
I can't really tell that the "Device Authentication" is actually working. As a test, I turned on MFA required for "Unregistered Devices" and ADFS never really detects the device as "Registered". This would be much easier if I had some sort of error to track down, but there are no particular errors. The successful device registration is written in the event logs, but I'm not sure where else to look for issues?
Just looking for ideas of things to check.