to ensure some governance in the clients tenant we introduced a Forms/Flow/Approval/Azure Function combination to create something called "permanent Team" that is excluded from the AAD Groups expiration policy.
So far, so nice, but when we wrapped everything into a Teams app so that the user has a consistent UI, we stumbled upon the Conditional Access feature which lets Forms not work in a Teams tab. The form tried to load but leaves a gray window as it tries to authenticate and obviously "losing" the machine information for the CA check during doing so. When starting the Teams app in the web client, everything works smooth, so obviously the Windows client here is causing this behaviour. Similar approaches with e.g. Planner is working well, so this seems to be solved here.
Any workaround for this or any idea when this will be fixed for Forms?
It would be interesting to compare Forms operating in the browser to Forms embedded in the Teams desktop against your policies. The latest update to AzureAD sign-in logs lets you easily see how the CA policies were applied during login.
If you did see a difference I think it would be time for a support request.