Forum Discussion
App Access Blocked: Your Organization requires confirmation that you are clocked in
Hello, I am trying to onboard BYOD mobile devices(Android/iPhone) using intune's MAM(Mobile Application Management) without enrollment deployment option but failing for iPhone devices. Andoid...
Hello Team,
Please let me know if you have any update on this issue.
Thank you,
- To be honest I have never seen this message before. looks like a custom made message. Do you even seen a login attempt in the sign in logs? It looks like app protection trying to kick in but that doesn't correspond with the message..
Could you show us some more information.. are there conditional access rules configured? any app protection policies applied. what happens when you enroll the device instead of using without enrollment.
Is the mfa authenticator app installed? is the company portal installed.- I am seeing the same issue in messaging on accounts with two different tenants. It happened once a few days ago and then went away on its own. But happened again last night on my Android device and I've been messaged now by two other users with iPhones who are experiencing the same thing. I know that there is a clock in / clock out function through the shifts app in teams but neither of these tenants have ever been set up to use that. I actually set one of them up and clocked in through it today and I am still not able to log in to outlook, teams, etc on my mobile device. Both of these tenants do have mobile application management enabled through InTune and everyone is licensed to use that. MAM was deployed through the guided setup scenario using the less strict policy. I've gone through all the settings in those two policies and don't see anything regarding conditional access based on clock-in status. There aren't any standalone CA policies setup for these accounts as they are both using security defaults currently. I've been searching the web using different phrasing and reviewing the docs since last night and haven't seen a single mention of this anywhere until I came across this thread. I took a bunch of screenshots and can upload those if they would help. Like I said, same messaging as OP stated.
I have also tried removing/readding these accounts from the apps, reinstalling apps, etc. I forgot to mention that occasionally it will just work when when you open the apps but then blocks access shortly after.
My next step is to remove assignment of the MAM policies but these have been deployed and working correctly for a little while so I'm not sure what's changed. I this must to be a bug? I have set these same policies up on quite a few other tenants and never seen these messages before. As far as I can tell, there's no mention of CA or MAM requiring being clocked-in in the docs.
