Unable to sign in to teams desktop from a registered personal device with unified labelling

%3CLINGO-SUB%20id%3D%22lingo-sub-2027084%22%20slang%3D%22en-US%22%3EUnable%20to%20sign%20in%20to%20teams%20desktop%20from%20a%20registered%20personal%20device%20with%20unified%20labelling%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2027084%22%20slang%3D%22en-US%22%3E%3CP%3EHelp%20hive%20mind!%20We're%20moving%20to%20M365%20from%20google%20and%20when%20setting%20up%20our%20tenant%20with%20unified%20labelling%20it%20seems%20to%20be%20stopping%20us%20signing%20in%20to%20teams%20on%20volunteers%20personal%20devices%20(registered%20with%20endpoint%20manager%20but%20not%20MDM%20or%20MAM%20licensed)%20as%20it%20comes%20up%20with%20an%20error%20that%20the%20device%20isn't%20compliant%20with%20policy.%3C%2FP%3E%3CP%3E%26nbsp%3B%20The%20sharepoint%20admin%20setting%20for%20access%20from%20unmanaged%20devices%20is%20confirmed%20off%20and%20labelling%20policy%20doesn't%20require%20protected%20content%20to%20be%20accessed%20from%20managed%20devices%20only.%20Can%20access%20teams%20via%20browser%20on%20the%20device%20it's%20just%20blocking%20signing%20in%20to%20onedrive%20locally.%20The%20work%20account%20for%20the%20org%20is%20registered%20in%20the%20'work%20accounts'%20section%20and%20the%20device%20has%20an%20id%20showing%20against%20the%20user%20in%20endpoint%20manager%20with%20compliance%20n%2Fa%20as%20it's%20not%20a%20managed%20device.%3C%2FP%3E%3CP%3E%26nbsp%3B%20What%20am%20i%20missing%20here%3F%20We%20have%20a%20small%20group%20of%20senior%20users%20with%20AIP%20rather%20than%20the%20whole%20org%20but%20we'd%20like%20to%20keep%20this%20capability%20for%20them%20whilst%20providing%20convenient%20access%20for%20the%20bulk%20of%20our%20volunteers%20if%20possible.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2027084%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20access%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2027124%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20sign%20in%20to%20teams%20desktop%20from%20a%20registered%20personal%20device%20with%20unified%20labelling%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2027124%22%20slang%3D%22en-US%22%3EHi%2C%20sounds%20like%20you%20already%20have%20the%20answer%20as%20you%20get%20the%20%E2%80%9Dnot%20compliant%20device%E2%80%9D.%20I%20suggest%20you%20go%20through%20the%20CA%20policies.%3CBR%20%2F%3E%3CBR%20%2F%3EAs%20these%20are%20personal%20devices%20they%20are%20AAD%20registered.%20See%20this%20link%20for%20some%20pointers.%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fconcept-azure-ad-register%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fconcept-azure-ad-register%3C%2FA%3E%3C%2FLINGO-BODY%3E
New Contributor

Help hive mind! We're moving to M365 from google and when setting up our tenant with unified labelling it seems to be stopping us signing in to teams on volunteers personal devices (registered with endpoint manager but not MDM or MAM licensed) as it comes up with an error that the device isn't compliant with policy.

  The sharepoint admin setting for access from unmanaged devices is confirmed off and labelling policy doesn't require protected content to be accessed from managed devices only. Can access teams via browser on the device it's just blocking signing in to onedrive locally. The work account for the org is registered in the 'work accounts' section and the device has an id showing against the user in endpoint manager with compliance n/a as it's not a managed device.

  What am i missing here? We have a small group of senior users with AIP rather than the whole org but we'd like to keep this capability for them whilst providing convenient access for the bulk of our volunteers if possible.

1 Reply
Hi, sounds like you already have the answer as you get the ”not compliant device”. I suggest you go through the CA policies.

As these are personal devices they are AAD registered. See this link for some pointers. https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-register