Forum Discussion
Microsoft 365 Admin App Protection
Hello,
We're having an issue where the Microsoft 365 Admin / Office 365 Management app is not being App Protected and therefore we're unable to log in based on our CA policy to require app protection.
All other apps work and Microsoft 365 Admin shows up and is applied in the App Protection Profile, but the sign in fails with the error below. Reviewing the sign in logs, the login is correlated to the application "Office 365 Managment" and that application does not show in App Protection or Conditional Access.
Failure reason
Application needs to enforce Intune protection policies.
Additional Details
MFA requirement satisfied by claim in the token
Does anyone have this problem? I didn't find much on the topic and I don't know if Microsoft is aware or working to resolve the issue.
The only work around we have is to exclude the end user from the CA Policy requiring App Protection but that weakens our security.
When configuring Conditional Access to require an App Protection Policy, you must ensure that an appropriate policy is applied to the targeted users via the Intune Admin Center.
This policy should be scoped to the relevant Office 365 applications or any specific apps the users need to access. Otherwise, access issues may occur.
Alternatively, you can adjust the Conditional Access permissions to align with your intended access behavior.
Best,
Ahmed Masoud
Thank you. Anyone from Microsoft 365 admin center care to comment if this is expected or not?
I just noticed this yesterday too, I don't remember this happening before
