Forum Discussion
Intune App Protection Policies (The apps on this device are already managed)
Hi
One of our users got this error for some reason.
The device is an iPhone, enrolled into Intune.
When the user opens Microsoft Teams they get the following error.
Remove Account
The apps on this device are already managed. Only a single managed account is allowed on a device. Select the account you want to remove. This account and all associated data will be removed from all managed apps.
Then it displays two identical work accounts for the user.
(Example)
user @ domain.com
user @ domain.com
No matter what we delete this just goes on and on for Teams, no other apps has this issue and no other user has this issue, and it just started happening today.
- Sorry for my delayed response; I was waiting to hear back. I have no actual technical details about the resolution, and it was confirmed it was an InTune issue that's been resolved. The Teams and Outlook apps should now start working. I told them to send me the technical details, even if I didn't understand it and they didn't.
- Morey HaberCopper Contributor
JimmyWork Team, We found the solution for my org without erasing the device. For every MS app on the iPhone you need to log out of each one individually and delete the account from Authenticator (if being used). This includes: Outlook, Teams, OneDrive, OneNote, PowerPower, Word, Excel, etc and MOST importantly Edge (iOS). Then, Outlook allowed the account to register correctly and every other application loaded correctly. MS Edge turned out to be the hold out on our end with iOS 16.0.1
- JimmyWorkIron ContributorThank you for sharing I will try this on the device as soon as I can and report back.
- Kory_YoungCopper Contributor
Morey Haber I tried this and it didn't work but there is the possibility we missed an app that was logged in, which I imagine would hinder everything. The next time it pops up I'll definitely work with the user more thoroughly to make sure we get every single one. Thanks for the reply!
- Kory_YoungCopper ContributorSeeing this exact error except rather than just one app it's basically the entire Microsoft Suite of apps with the exception of Word, Excel, and PowerPoint.
We've unenrolled/re-enrolled the device, reset all app settings locally, verified that there is only a single managed profile present, and deleted the device registration completely from Azure/Intune multiple times attempting to clear this issue. The user has two iPads running iPadOS 15.7, neither are having this problem, just his iPhone running iOS 16. This is not an Intune configuration setting near as we can determine and as we have thousands of users on iOS16 that are not having this issue it appears to be completely random.- JimmyWorkIron ContributorThank you for answering at least I'm not alone, but did you ever solve it?
Did you create a Microsoft ticket?
I will test tomorrow on a new device same account.
Last resort is to wipe the device and see if that helps.- Kory_YoungCopper Contributor
JimmyWorkUnfortunately not, we're going to be doing a device wipe to see if that clears it and if not we'll be opening a ticket with Microsoft.
- JandoWICopper Contributor
I have the same issue when restoring an Apple iPhone 14 Pro Max (iOS 16.0.1) from iCloud backup. Even after deleting all Microsoft apps and work profiles, the problem persisted. The only fix was a full reset without a restore from the backup.
- Mr_JJ566Copper Contributor
HI
Does anyone have a solution to this? I have done everything I can think of, and still not resolved.
- radhika1425Copper ContributorDoesn't look like there's currently a solution for this but it's at least a known issue MS is looking into Details
Title: Some users can't access Microsoft 365 services after their Azure Active Directory (AD) Object ID (OID) has changed
User Impact: Users with app protection policy can't use Microsoft 365 services from iOS devices after their Azure AD OID has changed.
More Info: This issue impacts users who have a new Azure Active Directory (AD) Object Identifier (OID), which can occur by having their account deleted and recreated with the same User Principal Name (UPN).
Current Status: Microsoft Intune recently changed to using the OID rather than the UPN to identify users. Users that are using the same UPN but have had an OID change are blocked from accessing Microsoft apps assigned with app protection policies. We're exploring options to update the client library to remediate impact.
- Ted_TrullingerCopper ContributorOK, this process just worked on a device with the issue!
RESET NETWORK SETTINGS, Removed MS Authenticator account, Resetting MFA, Re-registering to MS Authenticator, Deleting MS Outlook app, making sure all Office apps were signed out especially Edge for iOS, Check Status on device in Company Portal, Re-Installed Outlook for iOS from Company Portal, Outlook found an existing account which we could reset by hitting CONTINUE. Bingo, Mail loaded without the Account needs to be removed message!
Now, I know not every single step above may need to be done as I have tried most of them except RESET NETWORK SETTINGS so I am leaning towards trying just that, removing Outlook for iOS app, Sync Company Portal, Re-installing Outlook from Company Portal on the next device...more to come...
PS: Have not heard back from Microsoft on the case yet...- radhika1425Copper Contributor
Ted_Trullinger The issue is supposedly fixed with the latest version of Outlook that was released yesterday. Got confirmation from our users that it's working
- Ted_TrullingerCopper ContributorWell this is even better news! I wish Microsoft support reached out to me on my open case to tell me that but appriciate you, Radhika1425. Thx!
- JKormosBrass Contributor
I confirmed that the network reset works for us as well! I first had the user update the Outlook app yesterday and that didn't fix it. Resetting All Network Settings worked like a charm, thank you! I had a Microsoft Support case open, and I passed this information along to them as the resolution.
Again for anyone joining this thread: try to update the Outlook app from the App Store. If this doesn't work do what Ted_Trullinger stated. Settings > General > Transfer or Reset iPhone > Reset > Reset All Network Settings. This does not reset any data, just network settings.- JKormosBrass ContributorI have an update with some unfortunate news. The Reset All Network Settings only worked for a few hours and the user has the same issue again. Also doing the same thing with the Microsoft Teams mobile app as well.
- HadebayourCopper ContributorA user in my organization had similar issue this morning and I resolved it by deleting all the old IOS devices that she had registered via Microsoft Authenticator to Azure.
Log into portal.Azure.com, search for the user and select devices > delete all IOS devices and the user was prompted to register her IOS phone from scratch. - Titan515Copper Contributor
I have the same issue, the fun thing is that I was able to login on the 365 App. On the 365 App everything works fine.
The point of wiping the phone that was mentioned above is no option for me, but also not having access to all the other Microsoft Apps (e.g. Outlook, Team...) is a problem.
Hopefully Microsoft finds a solution soon, otherwise i will have to dig out an old phone.
- gms12Copper Contributor
JimmyWork just had this happen with my dad’s new iPhone 14 pro max. We were trying to sign him into his work email on the outlook app and getting the error message. We tried everything, eventually I just went into the iPhone’s mail settings and added his work email under the Microsoft exchange account option. Now he has access to the work email via the iPhone mail app. Thank you to everyone who commented though…we were going crazy trying to figure this out thinking we were the only ones! Seems like a Microsoft/ios16 issue.
- mline69Copper ContributorI had this exact issue with our iPhone 14 Pro Max's on iOS 16.0.2
I had to create an exclude group in Azure, add aeffected users in and then exclude this group from our App protection policy under: https://endpoint.microsoft.com/#view/Microsoft_Intune_DeviceSettings/AppsMenu/~/appProtection
The policy we have setup has nothing that should be causing the issue and it only seems to be users with the iPhone 14 who are suffering.
This is our bandaid for now.
Cheers - amiruddin_shahCopper Contributorhey i think i may have found a fix for this
1.go to setting mail and makesure your work email isnt sign in to default mail
2.remove device profile and re enroll device
3.go to settings>outlook>default mail change it to outlook.
it works for mine now as the outlook app set default app to mail instead of the outlook- Mr_JJ566Copper Contributor
amiruddin_shah - still not working for me after following your recommendations, will keep chasing MS
- Ted_TrullingerCopper ContributorHi and thanks. That is not the same thing I am referring to. I am still having the issue. I also tried the App Protection policy fix someone mentioned but that did not fix issue either. I am relying on Microsoft Support at the moment but welcome any other info. if someone has a fix, thanks!
- Ted_TrullingerCopper ContributorThis just worked for me but see exact details below...I think RESET NETWORK SETTINGS was needed. Thanks ITJOE3207