Warning: PIM disconnects users from Teams Mobile

I have been working with Microsoft Support on this issue for three months. Hopefully I can save others the trouble.

Sometime around April 2024, my colleagues and I started seeing regular alerts on our mobile devices saying "Open Teams to continue receiving notifications for <email address>", or "<email address> needs to sign in to see notifications". Just as promised, after this message appears, we do not get notified about messages and Teams calls do not ring on our mobile devices until we open Teams. We eventually determined that these alerts coincided with activating or deactivating PIM roles.

Apparently, a change was made to Privileged Identity Management in Microsoft Entra ID around that time whereby users' tokens are invalidated when a role is activated or deactivated. Quoting the Microsoft Support rep:

"When a user's role changes (either due to activation or expiration), Skype AAD[?] will revoke existing tokens of that user. Skype AAD will also notify PNH about that token revocation. This is expected behavior and is working as designed. These changes were rolled out in Skype AAD in April/May 2024 which is since when you are facing the issue as well."

Anyway, as far as I can tell, this change was not announced or documented anywhere, so hopefully this message will show up in the search results of my fellow admins who are dealing with this. 

3 Replies
Hi, for a time I confirm that we also had this issue; however, for the past 1/2 month it no longer occurs.

Hi @micheleariis, and thanks for confirming. Interesting that it's no longer occurring for you.

If anyone else is not impressed with this new "feature", I would encourage you to vote on my submission to the Azure feedback portal: Allow the Teams mobile app to stay connected when activating a PIM role · Community (azure.com)