Hello guys,
Our scenario is as follows: we are having issues "checking in" with App Protection Policy because of Conditional Access.
We have a Conditional Access rule for Office 365 for our iOS and Android users; they have to be
A) Registered in Intune (this is our COPE model)
or
B) Have an App Protection Policy assigned (BYOD model)
So our Conditional access rule looks like this:
Users : All
Cloud Apps: Office-365
Condition: iOS and Android device platform
Client apps: All
Access controls: Grant access
- Require device to be marked as compliant
OR
- Require app protection policy
If you register your phone via the Company Portal, all works fine; the Conditional Access policy grants access because Condition A) is fulfilled.
For the Condition B) scenario we have an App Protection Policy assigned for all users' unmanaged devices. If you are connecting, for example, via the Outlook app and your device is not registered in Intune, it sometimes gets the App Protection Policy assigned correctly and the Conditional Access is fulfilled, and sometimes not: it fails because registration is needed (the Conditional Access is blocking).
We have this construct because there are users having company devices (model A) and also private devices (model B)
I guess there is something strange in this behaviour: we have all kinds of scenarios; on some devices it is working with a few apps and on others with none, and it is not transparent why. It seems like there are issues with the app checking in the Conditional Access, but only sometimes?
The expected behaviour would be like:
Open Outlook App
Enter Credentials
Checking Conditional Access
- Device Intune enrolled -> Grant access
- Device not enrolled -> Apply APP (but this is not working reliably)
Maybe you have any kind of ideas to solve this, or is it just a bug?
Best Regards,
Florian
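
One way to narrow down which apps and platforms fail intermittently, as an added example that is not part of the original post: the script below tallies the outcome of the rule on unmanaged devices from exported sign-in records. The records are constructed, the policy display name is hypothetical, and the field names follow the Microsoft Graph signIn resource.

```python
import json
from collections import defaultdict

POLICY = "O365 mobile access"  # hypothetical display name of the rule above

# Constructed sample records; field names follow the Microsoft Graph signIn resource.
SAMPLE = json.loads("""[
 {"appDisplayName":"Outlook Mobile","deviceDetail":{"operatingSystem":"iOS","isManaged":false,"isCompliant":false},
  "appliedConditionalAccessPolicies":[{"displayName":"O365 mobile access","result":"success"}]},
 {"appDisplayName":"Outlook Mobile","deviceDetail":{"operatingSystem":"iOS","isManaged":false,"isCompliant":false},
  "appliedConditionalAccessPolicies":[{"displayName":"O365 mobile access","result":"failure"}]},
 {"appDisplayName":"Outlook Mobile","deviceDetail":{"operatingSystem":"iOS","isManaged":true,"isCompliant":true},
  "appliedConditionalAccessPolicies":[{"displayName":"O365 mobile access","result":"success"}]},
 {"appDisplayName":"Microsoft Teams","deviceDetail":{"operatingSystem":"Android","isManaged":false,"isCompliant":false},
  "appliedConditionalAccessPolicies":[{"displayName":"O365 mobile access","result":"failure"}]},
 {"appDisplayName":"Microsoft Teams","deviceDetail":{"operatingSystem":"Android","isManaged":false,"isCompliant":false},
  "appliedConditionalAccessPolicies":[{"displayName":"O365 mobile access","result":"failure"}]},
 {"appDisplayName":"OneDrive","deviceDetail":{"operatingSystem":"Android","isManaged":false,"isCompliant":false},
  "appliedConditionalAccessPolicies":[{"displayName":"O365 mobile access","result":"success"}]}
]""")

def summarize(signins, policy=POLICY):
    """Count policy results per (app, OS) for sign-ins from unmanaged devices."""
    stats = defaultdict(lambda: {"success": 0, "failure": 0})
    for s in signins:
        dev = s.get("deviceDetail") or {}
        if dev.get("isManaged") or dev.get("isCompliant"):
            continue  # enrolled device (condition A), not the BYOD path
        for p in s.get("appliedConditionalAccessPolicies") or []:
            if p.get("displayName") == policy and p.get("result") in ("success", "failure"):
                key = (s.get("appDisplayName", "?"), dev.get("operatingSystem", "?"))
                stats[key][p["result"]] += 1
    return dict(stats)

def intermittent(stats):
    """App/OS pairs where the same rule both passed and failed."""
    return sorted(k for k, v in stats.items() if v["success"] and v["failure"])

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for (app, os_name), counts in sorted(result.items()):
        print(f"{app:16} {os_name:8} {counts}")
    print("intermittent:", intermittent(result))
```

Pairs that only ever fail point at an app or platform that never satisfies the app protection control, while pairs listed as intermittent are the ones worth comparing record by record.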