Forum Discussion
Conditional Access "Require App Protection Policy" blocks first launch
Hi all,
When I launch OneDrive on a brand new iPhone the Conditional Access policy "Require App Protection" blocks the app since the app protection is not yet configured.
If I disable the CA policy, launch OneDrive so it can apply App Protection then reenable the CA policy it works fine.
Is it the normal behavior? Do we have to disable the CA policy everytime we prepare a new phone?
VasilMichev All prerequisites are OK! I found out this happens with MS Teams, not with OneDrive.
I think I figured out what is the problem, the "Azure Active Directory Conditional Access settings reference" doc indicates only 5 apps are currently supported (Cortana, Edge, OneDrive, Outlook and Planner):
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#app-protection-policy-requirement
But the "Require app protection policy for cloud app access with Conditional Access (preview)" does not mention it:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-protection-based-conditional-access
So this policy can't apply to Teams and other unsupported apps, meaning it is pretty useless for now, until all cloud apps become supported...
4 Replies
Have you configured all the prerequisites as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-protection-based-conditional-access#prerequisites
VasilMichev All prerequisites are OK! I found out this happens with MS Teams, not with OneDrive.
I think I figured out what is the problem, the "Azure Active Directory Conditional Access settings reference" doc indicates only 5 apps are currently supported (Cortana, Edge, OneDrive, Outlook and Planner):
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#app-protection-policy-requirement
But the "Require app protection policy for cloud app access with Conditional Access (preview)" does not mention it:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-protection-based-conditional-access
So this policy can't apply to Teams and other unsupported apps, meaning it is pretty useless for now, until all cloud apps become supported...
Makes sense then, Teams is indeed currently not supported.
