Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
SOLVED

Conditional Access and Intune Protection policy

Steel Contributor

Hello Community, 

 

This question is about Conditional Access and Intune Application Protection policy.

 

What if I have a Conditional Access policy that requires app protection policy applied on devices to access resources using Microsoft Apps (Outlook, Word, Excel, SharePoint, etc.). 

 

What happens when I have a new user created and this user is trying to log into an app on his phone?

The new user won't get the App Protection policy until he logs in however, he can't log in because he has no app protection policy enabled.

 

Could anybody send me a reference or tell about his/her experience?

5 Replies
best response confirmed by mikhailf (Steel Contributor)
Solution

@mikhailf In this type of situation, the user will be guided to gain access anyway. So in this case, app protection is received. The same money if you enforce MFA or Complaince. The user is then guided to get this ready

If this sufficiently answers your question, mark the answer as accepted! :)

Hello @JosvanderVaart,

 

I managed to log into Outlook, however it didn't work with MS Teams.

I got the error message that the app should be protected with an Intune policy. In my environment the App Protection policy is applied for All Microsoft apps (and I believe Teams is a part of this).

 

It also didn't work for Microsoft OneDrive app. 

"The app must be protected with an Intune policy before you can access company data. Please contact your IT help desk for more information".

 

How is it supposed to work?

If the app protection policies and conditonal access rules are right then this configuration would be started after the first authentication. So to answer your question, can you share your configuration with us?
I apologize. The app protection policy was applied only for Outlook. I will switch this to All Microsoft Apps and test again.
1 best response

Accepted Solutions
best response confirmed by mikhailf (Steel Contributor)
Solution

@mikhailf In this type of situation, the user will be guided to gain access anyway. So in this case, app protection is received. The same money if you enforce MFA or Complaince. The user is then guided to get this ready

View solution in original post