Jul 20 2023 04:20 AM
Hi all,
I have a customer who has a restriction that only certain people are allowed access to Teams (and dependent 365 services) outside of the office locations on mobile devices.
This would normally be a straightforward rule, exclude the 'Office 365' group from a block policy for the group, create an affirmative policy requiring MFA for the 'Office 365' group of apps.
For some reason Teams isn't matching in the policy set for either the exclusion or the target policy.
In the conditional access logs it references an application called "Microsoft Teams Services" as the sign-in, this isnt something that can be selected for a Conditional Access policy to apply to. The CA logs also mention that Teams needed access to "M365 Tenant Feedback" although I suspect thats a red herring.
Has anyone else come across issues with excluding Teams (as part of 'Office 365' group or indepdently) from an 'all applications' block policy? or in targeting Teams as in a policy to 'require MFA' or other session control?
The user is accessing from an iOS device using the teams app.
Jul 24 2023 10:59 AM - edited Jul 24 2023 11:03 AM
@Peter Holland We having same issue in our tenant. Its started couple of weeks ago, only on iOS device. We are using Office 365 apps exclusion in one of our BYOD CA Rule and we also noticing M365 Tenant Feedback in the logs when the connection is blocked but it shouldn't because Teams application should be excluded from the CA rule.
Jul 25 2023 09:36 AM
Aug 06 2023 11:43 PM
@Peter Holland Hey mate, did you get any response from Microsoft or a workaround? We're having the same issue but Microsoft is just ignoring our tickets.
Aug 16 2023 05:43 AM