Jun 28 2017 02:01 AM
Hello,
We are trying to log on the Stream Portal but we always get the error :
I have checked on the Azure Portal and we have no conditional access policies in the enterprise applications. I have checked with the people responsible for Intune and they don't have set any policies yet.
My license is Office 365 E5.
Can someone tell me where we have to look ?
Thanks for your help
Marc
Jun 28 2017 02:15 AM
Hi Marc,
Is there really no Conditional Acces policy configured for any of your services in the Azure Portal?
COuld you send me a screenshot of your conditional access tab in the Azure Portal please?
BR
Stephan
Jun 28 2017 07:12 AM
Hello Stephan,
Here is a screenshot of the conditional access - policies :
We noticed also that we experience the same problem with the Teams Portal, exact same error.
Regards,
Marc
Jun 28 2017 10:38 AM
HI Marc,
These are just the AAD CA rules.
Could you browse to the Intune CA rules page under https://portal.azure.com/#blade/Microsoft_Intune_DeviceSettings/ExchangeConnectorMenu/aad/connectorT... and send me screenshot?
Regards
Jun 28 2017 11:08 PM
Hello Stephan,
Well the problem is worse today, I can't even sign in on TechCommunity, I had to use my personnal account.
I went to the Intune part and there are a lot of errors.
Here are the screenshots :
The error message is :
{ "error": { "code": "UnknownError", "message": "{\"ErrorCode\":\"Forbidden\",\"Message\":\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 0d77d326-9228-4708-8bf5-6f1cf54add5f - Url: https://fef.msub03.manage.microsoft.com/StatelessAppMetadataFEService/deviceAppManagement/mobileApps... - CustomApiErrorPhrase: \",\"Target\":null,\"Details\":null,\"InnerError\":null,\"InstanceAnnotations\":[]}", "innerError": { "request-id": "6ad512c6-58a7-405d-937e-1107efce2d50", "date": "2017-06-29T05:47:16" } }}
Thanks again for your help
Marc
Jun 28 2017 11:16 PM
Ok seems that your Intune tenant is not migrated to the new Azure portal atm.
Please browse to https://admin.manage.microsoft.com/ and go to policies - conditional access and send me a screenshot from your CA policies please..
Regards
Jun 29 2017 12:08 AM
Stephan,
Yes, there was indeed a policy :
I configured my account in an exempt group and bingo.... everything is working (at least I can login in Stream, Teams now)
Thanks for putting me on the right track, our Intune admins had looked multiple times saying there was nothing....
Many thanks
Marc
Jun 29 2017 12:34 AM
Glad to hear!
Have fun using Stream and Teams!
BTW you could checkout this post http://www.cloudguy.pro/posts/204 on how to use Stream inside Teams...
Regards
Jun 29 2017 12:55 AM
May I ask you one last question ?
Our management doesn't want us to allow the use of ExchangeOnline/OutlookOnline but why does Stream, Teams etc... needs the user to have access to Exchange Online ?
Thanks for the link it will certainly be of a great help as I am totally new in all of this :)
Marc
Jun 29 2017 01:40 AM
Well many of your user properties are stored in your Exchange Online mailbox profile.
That's why all services may connect to Exchange Online or SharePoint Online at some point.
So you have to be careful with your CA policies ;)
BR
Jun 29 2017 06:01 AM
Thanks Stephan, we learn indeed the hard way to be cautious with policies :)
Regards
Marc
Feb 14 2021 06:35 AM