Forum Discussion
Intune App Protection Policies (The apps on this device are already managed)
Hi
One of our users got this error for some reason.
The device is an iPhone, enrolled into Intune.
When the user opens Microsoft Teams they get the following error.
Remove Account
The apps on this device are already managed. Only a single managed account is allowed on a device. Select the account you want to remove. This account and all associated data will be removed from all managed apps.
Then it displays two identical work accounts for the user.
(Example)
user @ domain.com
user @ domain.com
No matter what we delete this just goes on and on for Teams, no other apps has this issue and no other user has this issue, and it just started happening today.
- Sorry for my delayed response; I was waiting to hear back. I have no actual technical details about the resolution, and it was confirmed it was an InTune issue that's been resolved. The Teams and Outlook apps should now start working. I told them to send me the technical details, even if I didn't understand it and they didn't.
65 Replies
JimmyWork just had this happen with my dad’s new iPhone 14 pro max. We were trying to sign him into his work email on the outlook app and getting the error message. We tried everything, eventually I just went into the iPhone’s mail settings and added his work email under the Microsoft exchange account option. Now he has access to the work email via the iPhone mail app. Thank you to everyone who commented though…we were going crazy trying to figure this out thinking we were the only ones! Seems like a Microsoft/ios16 issue.
HI
Does anyone have a solution to this? I have done everything I can think of, and still not resolved.
- Doesn't look like there's currently a solution for this but it's at least a known issue MS is looking into Details
Title: Some users can't access Microsoft 365 services after their Azure Active Directory (AD) Object ID (OID) has changed
User Impact: Users with app protection policy can't use Microsoft 365 services from iOS devices after their Azure AD OID has changed.
More Info: This issue impacts users who have a new Azure Active Directory (AD) Object Identifier (OID), which can occur by having their account deleted and recreated with the same User Principal Name (UPN).
Current Status: Microsoft Intune recently changed to using the OID rather than the UPN to identify users. Users that are using the same UPN but have had an OID change are blocked from accessing Microsoft apps assigned with app protection policies. We're exploring options to update the client library to remediate impact.
JimmyWork Team, We found the solution for my org without erasing the device. For every MS app on the iPhone you need to log out of each one individually and delete the account from Authenticator (if being used). This includes: Outlook, Teams, OneDrive, OneNote, PowerPower, Word, Excel, etc and MOST importantly Edge (iOS). Then, Outlook allowed the account to register correctly and every other application loaded correctly. MS Edge turned out to be the hold out on our end with iOS 16.0.1
- Thank you for sharing I will try this on the device as soon as I can and report back.
Morey Haber I tried this and it didn't work but there is the possibility we missed an app that was logged in, which I imagine would hinder everything. The next time it pops up I'll definitely work with the user more thoroughly to make sure we get every single one. Thanks for the reply!
I have the same issue, the fun thing is that I was able to login on the 365 App. On the 365 App everything works fine.
The point of wiping the phone that was mentioned above is no option for me, but also not having access to all the other Microsoft Apps (e.g. Outlook, Team...) is a problem.
Hopefully Microsoft finds a solution soon, otherwise i will have to dig out an old phone.
- Seeing this exact error except rather than just one app it's basically the entire Microsoft Suite of apps with the exception of Word, Excel, and PowerPoint.
We've unenrolled/re-enrolled the device, reset all app settings locally, verified that there is only a single managed profile present, and deleted the device registration completely from Azure/Intune multiple times attempting to clear this issue. The user has two iPads running iPadOS 15.7, neither are having this problem, just his iPhone running iOS 16. This is not an Intune configuration setting near as we can determine and as we have thousands of users on iOS16 that are not having this issue it appears to be completely random.- Thank you for answering at least I'm not alone, but did you ever solve it?
Did you create a Microsoft ticket?
I will test tomorrow on a new device same account.
Last resort is to wipe the device and see if that helps.JimmyWorkUnfortunately not, we're going to be doing a device wipe to see if that clears it and if not we'll be opening a ticket with Microsoft.
