Forum Discussion
App Access Blocked: Your Organization requires confirmation that you are clocked in
Hello, I am trying to onboard BYOD mobile devices(Android/iPhone) using intune's MAM(Mobile Application Management) without enrollment deployment option but failing for iPhone devices. Andoid...
I am seeing the same issue in messaging on accounts with two different tenants. It happened once a few days ago and then went away on its own. But happened again last night on my Android device and I've been messaged now by two other users with iPhones who are experiencing the same thing. I know that there is a clock in / clock out function through the shifts app in teams but neither of these tenants have ever been set up to use that. I actually set one of them up and clocked in through it today and I am still not able to log in to outlook, teams, etc on my mobile device. Both of these tenants do have mobile application management enabled through InTune and everyone is licensed to use that. MAM was deployed through the guided setup scenario using the less strict policy. I've gone through all the settings in those two policies and don't see anything regarding conditional access based on clock-in status. There aren't any standalone CA policies setup for these accounts as they are both using security defaults currently. I've been searching the web using different phrasing and reviewing the docs since last night and haven't seen a single mention of this anywhere until I came across this thread. I took a bunch of screenshots and can upload those if they would help. Like I said, same messaging as OP stated.
I have also tried removing/readding these accounts from the apps, reinstalling apps, etc. I forgot to mention that occasionally it will just work when when you open the apps but then blocks access shortly after.
My next step is to remove assignment of the MAM policies but these have been deployed and working correctly for a little while so I'm not sure what's changed. I this must to be a bug? I have set these same policies up on quite a few other tenants and never seen these messages before. As far as I can tell, there's no mention of CA or MAM requiring being clocked-in in the docs.
Thats indeed very odd... as stated before it looks very much like app protection policies applying.. But (until now?) it never mentioned the "clocked" part... did you already opened a support ticket ?
Could you let us know if it fixes the issue when you decide to disable/remove the mam policies?
I know there is something wrong with app protection and teams .. maybe they are trying to fix that... and creating a new issue?
Hello Rudy_Ooms_MVP,
When I am checking the App protection status logs(Under Troubleshooting + support) during login process into iOS(outlook app), It's showing checked-in successfully.
But issue remains the same, outlook app access blocked with same error message.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Error message: App Access Blocked: To Access your data associated with Account Email address removed, your Organization requires confirmation that you are clocked in. We are unable to verify this. Please try again later or Contact your Admin.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Attaching screenshot for your reference.
Regards,
- Okay so app protection works.. and the device could check in...it's such a strange error/warning as it is mentioning clocked in instead of checked in 🙂
Yes, I have also opened a support case(29509939). As per latest update from support team, They are still testing this issue in their lab envirnment.
Please let me kow if you need any further detail from my end.
Regards,
