Improve determination of managed state in DeviceSettingsProvider

components/policy/proto/device_management_backend.proto

Index: components/policy/proto/device_management_backend.proto
diff --git a/components/policy/proto/device_management_backend.proto b/components/policy/proto/device_management_backend.proto
index 973c1b324de8ac7f5b3971a5027edd9e9c2770c0..859c9cb8f092cbf4db156dfc1a6b4b4122e5ab94 100644
--- a/components/policy/proto/device_management_backend.proto
+++ b/components/policy/proto/device_management_backend.proto
@@ -290,10 +290,13 @@ message PolicyData {
   // anything like that.
   optional int64 timestamp = 2;
 
-  // The DM token that was used by the client in the HTTP POST header
-  // for authenticating the request. It is included here again so that
-  // the client can verify that the response is meant for them (and not
-  // issued by a replay or man-in-the-middle attack).
+  // The DM token that was used by the client in the HTTP POST header for
+  // authenticating the request. It is included here again so that the client
+  // can verify that the response is meant for them (and not issued by a replay
+  // or man-in-the-middle attack).
+  // Note that the existence or non-existence of the DM token is not the correct
+  // way to determine whether the device is managed. Cf. |management_mode| below
+  // for details.
   optional string request_token = 3;
 
   // The serialized value of the actual policy protobuf.  This can be
@@ -368,8 +371,8 @@ message PolicyData {
     // The device is owned locally. The policies are set by the local owner of
     // the device.
     LOCAL_OWNER = 0;
-    // The device is enterprise-managed. The policies come from the enterprise
-    // server. See the comment above for backward compatibility.
+    // The device is enterprise-managed (either via DM server or through Active
+    // Directory). See the comment above for backward compatibility.
     ENTERPRISE_MANAGED = 1;
     // Obsolete. Don't use.
     OBSOLETE_CONSUMER_MANAGED = 2;