The Pulse Secure development team is investigating a solution to allow the standard embedded browser to query for the device ID successfully and submit it to Azure during the login process. This fix is currently targeted for teh next major release of the Pulse client.
For immediate relief, the option
Enable FIDO2 U2F for SAML Authentication can be enabled on the connection set (
Users>Pulse Secure Client>Connections>connectionSetName). This downloads the
Chromium Embedded Framework (CEF) to the endpoint for the Pulse client to use as the rendering engine.