admin.microsoft.com inaccessible via MCAS

%3CLINGO-SUB%20id%3D%22lingo-sub-3242674%22%20slang%3D%22en-US%22%3Eadmin.microsoft.com%20inaccessible%20via%20MCAS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3242674%22%20slang%3D%22en-US%22%3E%3CP%3EWith%20a%20conditional%20access%20policy%20applied%20admins%20are%20unable%20to%20reach%20admin.microsoft.com.%26nbsp%3B%20It%20is%20redirected%20to%20%3CA%20href%3D%22https%3A%2F%2Fadmin.microsoft.com.mcas.ms%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fadmin.microsoft.com.mcas.ms%3C%2FA%3E%26nbsp%3Band%20yields%20a%20blank%20white%20screen.%3C%2FP%3E%3CP%3EThere%20is%20only%201%20conditional%20access%20policy.%3C%2FP%3E%3CP%3EIt's%20settings%20are%3A%3C%2FP%3E%3CP%3EAll%20users%20(with%204%20admins%20excluded).%3C%2FP%3E%3CP%3EAll%20Cloud%20Apps.%3C%2FP%3E%3CP%3E3%20Conditions%20selected%3C%2FP%3E%3CUL%3E%3CLI%3EDevice%20Platforms%3CUL%3E%3CLI%3EInclude%20Any%20Device%2C%20Exclude%20macOS%20and%20Linux%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3CLI%3ELocations%3CUL%3E%3CLI%3EAny%20location%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3CLI%3EAccess%20Controls%3CUL%3E%3CLI%3EGrant%20Access%2C%20Require%20MFA%3C%2FLI%3E%3CLI%3ERequire%20one%20of%20the%20selected%20controls%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3CLI%3ESession%3CUL%3E%3CLI%3ESign-in%20Frequency%207%20days%3C%2FLI%3E%3CLI%3EUse%20Conditional%20Access%20App%20Control%20(Monitor%20Only).%26nbsp%3B%20I%20have%20tried%20to%20REMOVE%20this%20setting%20but%20it%20comes%20back%20all%20by%20itself.%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

With a conditional access policy applied admins are unable to reach admin.microsoft.com.  It is redirected to https://admin.microsoft.com.mcas.ms and yields a blank white screen.

There is only 1 conditional access policy.

It's settings are:

All users (with 4 admins excluded).

All Cloud Apps.

3 Conditions selected

  • Device Platforms
    • Include Any Device, Exclude macOS and Linux
  • Locations
    • Any location
  • Access Controls
    • Grant Access, Require MFA
    • Require one of the selected controls
  • Session
    • Sign-in Frequency 7 days
    • Use Conditional Access App Control (Monitor Only).  I have tried to REMOVE this setting but it comes back all by itself.

 

4 Replies
You should probably contact MS support
I did. I opened a case on 2/23 and received a call on 3/4 when I was OOF. I should be speaking with them today.
This was a problem with MCAS and fixed by MS on the backend. There was nothing wrong with my config. I'm revisiting this today because now I have the same issue with Sharepoint. Today no user can access Sharepoint. There have been no changes in conditional access policies, it just stopped working out of the blue.