Forum Discussion
App Access Blocked: Your Organization requires confirmation that you are clocked in
Hello,
I am trying to onboard BYOD mobile devices(Android/iPhone) using intune's MAM(Mobile Application Management) without enrollment deployment option but failing for iPhone devices.
Andoid devices are working fine and can able to sign-in to Microsoft Apps like oulook, teams, OneDrive etc.
Error Message: App Access Blocked: To Access your data associated with Account Email address removed, your Organization requires confirmation that you are clocked in. We are unable to verify this. Please try again later or Contact your Admin.
Regards,
- Hi were those ios devices previously enrolled into another mdm ? or are those new shiny clean devices?
- admin1735Copper ContributorHi Rudy_Ooms,
Yes, I have tried on new devices only and all iPhone devices are failing with same error message.
Error message: App Access Blocked: To Access your data associated with Account Email address removed, your Organization requires confirmation that you are clocked in. We are unable to verify this. Please try again later or Contact your Admin.
Thank you,
- admin1735Copper Contributor
Hello Team,
Please let me know if you have any update on this issue.
Thank you,
- To be honest I have never seen this message before. looks like a custom made message. Do you even seen a login attempt in the sign in logs? It looks like app protection trying to kick in but that doesn't correspond with the message..
Could you show us some more information.. are there conditional access rules configured? any app protection policies applied. what happens when you enroll the device instead of using without enrollment.
Is the mfa authenticator app installed? is the company portal installed.- Dana_RamosCopper ContributorI am seeing the same issue in messaging on accounts with two different tenants. It happened once a few days ago and then went away on its own. But happened again last night on my Android device and I've been messaged now by two other users with iPhones who are experiencing the same thing. I know that there is a clock in / clock out function through the shifts app in teams but neither of these tenants have ever been set up to use that. I actually set one of them up and clocked in through it today and I am still not able to log in to outlook, teams, etc on my mobile device. Both of these tenants do have mobile application management enabled through InTune and everyone is licensed to use that. MAM was deployed through the guided setup scenario using the less strict policy. I've gone through all the settings in those two policies and don't see anything regarding conditional access based on clock-in status. There aren't any standalone CA policies setup for these accounts as they are both using security defaults currently. I've been searching the web using different phrasing and reviewing the docs since last night and haven't seen a single mention of this anywhere until I came across this thread. I took a bunch of screenshots and can upload those if they would help. Like I said, same messaging as OP stated.
- naveedakhterCopper ContributorBeen having this issue since the last 10days, has to do something with admin accounts or groups or roles, overlapping policies regulating data storage and access on android or ios devices.
Thing is disabled shifts app, surprised that it's still throwing the same error. - admin1735Copper Contributor
Dear Team,
Last week, I started facing same issue for Android device as well. But Managed to fix it after modifying the Conditional Launch setting - 'SafetyNet device attestation' to WARN from Block Action.
Setting- SafetyNet device attestationValue- Basic integrity and certified devicesAction- WarnI hope it might assist if you might be having same issue.Regards,