I'm a global Admin of an Office 365 Tenant, and the admin app used to work fine on my Android device.
But it doesn't work anymore. On the Android (6.0) device I get an error telling me "Unauthorized. Couldn't verify your user role. Please try again later.". The same on iOS (11.4, in German): "Nicht autorisiert. Ihre Benutzerrolle konnte nicht überprüft werden. Versuchen sie es später noch einmal".
Login to the admin control panel via web browser works fine as always. But this error message appears for quite some months now and it's a real pain not being able to do quick adjustments directly in the app anymore.
I guess I finally found out what's the problem. We added a new domain some time back and switched all user-ids / primary addresses to the new domain and with that also our naming scheme changed from forename@... to forename.surname@.... That worked out pretty smooth. Since then I'm using my new user-id for logging in. For testing I just re-activated an old deactivated an blocked global admin account, which was already inactive when we switched and therefore is still using the old domain. That one works perfectly within the app. Therefore I guess the switch of the domain left some remnants of the old user-id causing issues regarding the app login, but not the login via the web interface or Exchange. I just checked in the Azure AD shell. The fields UserPrincipalName, WindowsLiveID, MicrosoftOnlineServicesID and WindowsEmailAddress contain the correct new address while DistinguishedName still contains the old name and domain. The fields Identity, Id and Name still show the old name. Right now it seems that admin accounts, for which name and domain changed can't log into the app anymore (new-name@new-domain causing the above error, old-name@old-domain and old-name@new-domain cause invalid password errors). Admin accounts, whose name and domain hasn't changed can login.
Do I really need two admin accounts if I also want to use the app? Or is there a better way? Any ideas?
Yes, I could open a support case. But since we're grateful that we get this IT solution for free (we probably couldn't afford to buy it) it doesn't feel right to open support cases issues just regarding convenience and not fundamental problems.