Forum Discussion

admin1735's avatar
admin1735
Copper Contributor
Feb 10, 2022

App Access Blocked: Your Organization requires confirmation that you are clocked in

Hello,   I am trying to onboard BYOD mobile devices(Android/iPhone) using intune's MAM(Mobile Application Management) without enrollment deployment option but failing for iPhone devices.   Andoid...
Intune
Mobile Application Management (MAM)
Dana_Ramos's avatar
Dana_Ramos
Copper Contributor
Feb 12, 2022
I am seeing the same issue in messaging on accounts with two different tenants. It happened once a few days ago and then went away on its own. But happened again last night on my Android device and I've been messaged now by two other users with iPhones who are experiencing the same thing. I know that there is a clock in / clock out function through the shifts app in teams but neither of these tenants have ever been set up to use that. I actually set one of them up and clocked in through it today and I am still not able to log in to outlook, teams, etc on my mobile device. Both of these tenants do have mobile application management enabled through InTune and everyone is licensed to use that. MAM was deployed through the guided setup scenario using the less strict policy. I've gone through all the settings in those two policies and don't see anything regarding conditional access based on clock-in status. There aren't any standalone CA policies setup for these accounts as they are both using security defaults currently. I've been searching the web using different phrasing and reviewing the docs since last night and haven't seen a single mention of this anywhere until I came across this thread. I took a bunch of screenshots and can upload those if they would help. Like I said, same messaging as OP stated.
Dana_Ramos's avatar
Dana_Ramos
Copper Contributor
Feb 12, 2022

 

I have also tried removing/readding these accounts from the apps, reinstalling apps, etc. I forgot to mention that occasionally it will just work when when you open the apps but then blocks access shortly after.

 

My next step is to remove assignment of the MAM policies but these have been deployed and working correctly for a little while so I'm not sure what's changed. I this must to be a bug? I have set these same policies up on quite a few other tenants and never seen these messages before. As far as I can tell, there's no mention of CA or MAM requiring being clocked-in in the docs. 

 

 

  • Rudy_Ooms_MVP's avatar
    Rudy_Ooms_MVP
    MVP
    Feb 12, 2022

    Thats indeed very odd... as stated before it looks very much like app protection policies applying.. But (until now?) it never mentioned the "clocked" part... did you already opened a support ticket ?

     

    Could you let us know if it fixes the issue when you decide to disable/remove the mam policies?

    I know there is something wrong with app protection and teams .. maybe they are trying to fix that... and creating a new issue?

     

    Rudy Ooms | MVP :netherlands: on Twitter: "@IntuneSuppTeam .. Is this a notification due to App protection policies? At first i didnt thought so, but now more people are asking about it (technet) Never noticed this "clocked" prompt #mem #msintune #intune https://t.co/EOBK7HFZ51 https://t.co/Mh24ceFNGl" / Twitter

    • admin1735's avatar
      admin1735
      Copper Contributor
      Feb 14, 2022

      Hello Rudy_Ooms_MVP,

       

      When I am checking the App protection status logs(Under Troubleshooting + support) during login process into iOS(outlook app), It's showing checked-in successfully.

       

      But issue remains the same, outlook app access blocked with same error message.

       

      ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

      Error message: App Access Blocked: To Access your data associated with Account Email address removed, your Organization requires confirmation that you are clocked in. We are unable to verify this. Please try again later or Contact your Admin.

      ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

       

      Attaching screenshot for your reference.

       

       

      Regards,

      • Rudy_Ooms_MVP's avatar
        Rudy_Ooms_MVP
        MVP
        Feb 14, 2022
        Okay so app protection works.. and the device could check in...it's such a strange error/warning as it is mentioning clocked in instead of checked in 🙂
    • admin1735's avatar
      admin1735
      Copper Contributor
      Feb 14, 2022

      Rudy_Ooms_MVP,

       

      Yes, I have also opened a support case(29509939). As per latest update from support team, They are still testing this issue in their lab envirnment.

       

      Please let me kow if you need any further detail from my end.

       

      Regards,

Resources