AzureAD · p3dr0rv · Mar 16, 2026 · Feb 25, 2026 · Mar 2, 2026 · Mar 2, 2026
@@ -1,5 +1,6 @@
 vNext
 ----------
+- [MINOR] Add AIDL interface for device registration service.(#2926)
 - [MINOR] Move debugIntuneCE and prodIntuneCE from BrokerData to AppRegistry as App instances (#3012)
 - [MINOR] Remove LruCache from SharedPreferencesFileManager (#2910)
 - [MINOR] Edge TB: Claims (#2925)

@@ -0,0 +1,38 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.client;
+
+/**
+* AIDL interface for the device registration bound service exposed by the broker.
+* Client applications (such as Authenticator or CP) call into this service to execute device registration operations
+* when the content provider strategy is not available. The implementation of this service resides in the broker app.
+*/
+interface IDeviceRegistrationService {
+    /**
+     * Executes a device registration protocol with the broker.
+     *
+     * @param protocolParams Bundle containing device registration protocol parameters
+     * @return Bundle containing the protocol response from the broker
+     */
+    Bundle executeDeviceRegistrationProtocol(in Bundle protocolParams);
+}
@@ -67,14 +67,14 @@ public abstract class BoundServiceClient<T extends IInterface> {
     /**
      * Perform the given operation with the given .aidl {@link IInterface}
      */
-    abstract @Nullable Bundle performOperationInternal(@NonNull final BrokerOperationBundle inputBundle,
-                                                       @NonNull final T aidlInterface) throws RemoteException, BrokerCommunicationException;
+    protected abstract @Nullable Bundle performOperationInternal(@NonNull final BrokerOperationBundle inputBundle,
+                                                                 @NonNull final T aidlInterface) throws RemoteException, BrokerCommunicationException;
 
     /**
      * Extracts {@link IInterface} from a given {@link IBinder}
      * i.e. T.Stub.asInterface(binder), where T is an .aidl {@link IInterface}.
      */
-    abstract @NonNull T getInterfaceFromIBinder(@NonNull final IBinder binder);
+    protected abstract @NonNull T getInterfaceFromIBinder(@NonNull final IBinder binder);
 
     /**
      * BoundServiceClient's constructor.

@@ -75,7 +75,8 @@ public MicrosoftAuthClient(@NonNull final Context context,
     }
 
     @Override
-    @Nullable Bundle performOperationInternal(@NonNull final BrokerOperationBundle brokerOperationBundle,
+    @Nullable
+    protected Bundle performOperationInternal(@NonNull final BrokerOperationBundle brokerOperationBundle,
                                               @NonNull final IMicrosoftAuthService microsoftAuthService)
             throws RemoteException, BrokerCommunicationException {
 
@@ -129,7 +130,7 @@ public MicrosoftAuthClient(@NonNull final Context context,
     }
 
     @Override
-    @NonNull IMicrosoftAuthService getInterfaceFromIBinder(@NonNull IBinder binder) {
+    @NonNull protected IMicrosoftAuthService getInterfaceFromIBinder(@NonNull IBinder binder) {
         final IMicrosoftAuthService service = IMicrosoftAuthService.Stub.asInterface(binder);
         if (service == null) {
             throw new IllegalStateException("Failed to extract IMicrosoftAuthService from IBinder.", null);

@@ -0,0 +1,71 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.broker.ipc
+
+import android.content.Context
+import android.os.Bundle
+import android.os.IBinder
+import com.microsoft.identity.client.IDeviceRegistrationService
+import com.microsoft.identity.common.internal.broker.BoundServiceClient
+
+/**
+ * A client for communicating with the DeviceRegistrationService via IPC.
+ * This client binds to the service and allows executing device registration protocol operations with the broker.
+ *
+ * @param context the application context used to bind to the service.
+ */
+class DeviceRegistrationServiceClient(context: Context) :
+    BoundServiceClient<IDeviceRegistrationService>(
+        context,
+        SERVICE_CLASS_NAME,
+        SERVICE_INTENT_FILTER
+    ) {
+    companion object {
+        /** The fully qualified class name of the DeviceRegistrationService to bind to. */
+        private const val SERVICE_CLASS_NAME = "com.microsoft.identity.client.DeviceRegistrationService"
+
+        /** The intent filter used to identify the DeviceRegistrationService. */
+        private const val SERVICE_INTENT_FILTER = "com.microsoft.identity.client.DeviceRegistration"
+    }
+
+    /**
+     * Extracts the [IDeviceRegistrationService] AIDL interface from the given [IBinder].
+     *
+     * @param binder the [IBinder] returned by the service connection.
+     * @return the [IDeviceRegistrationService] interface for communicating with the service.
+     */
+    protected override fun getInterfaceFromIBinder(binder: IBinder): IDeviceRegistrationService =
+        IDeviceRegistrationService.Stub.asInterface(binder)
+
+    /**
+     * Executes the device registration protocol operation by delegating to the AIDL interface.
+     *
+     * @param inputBundle the [BrokerOperationBundle] containing the operation parameters.
+     * @param aidlInterface the [IDeviceRegistrationService] AIDL interface bound to the service.
+     * @return a [Bundle] containing the result of the device registration protocol, or null if no result.
+     */
+    protected override fun performOperationInternal(
+        inputBundle: BrokerOperationBundle,
+        aidlInterface: IDeviceRegistrationService
+    ): Bundle? = aidlInterface.executeDeviceRegistrationProtocol(inputBundle.bundle)
+}
@@ -537,6 +537,11 @@ public class ClientException extends BaseException {
      */
     public static final String DEVICE_NOT_SUPPORT_HARDWARE_WRAPPED_KEY_IMPORT = "device_not_supported_hardware_wrapped_key_import";
 
+    /**
+     * Emitted when a function that must not run on the main (UI) thread is called from the main thread.
+     */
+    public static final String CALLED_ON_MAIN_THREAD = "called_on_main_thread";
+
     /**
      * Constructor of ClientException.
      *