Cannot login into Stream - You can't get there from here

Copper Contributor

Hello,

We are trying to log on the Stream Portal but we always get the error :

stream01.jpg

I have checked on the Azure Portal and we have no conditional access policies in the enterprise applications. I have checked with the people responsible for Intune and they don't have set any policies yet.

My license is Office 365 E5.

Can someone tell me where we have to look ?

Thanks for your help

Marc

 

11 Replies

Hi Marc,


Is there really no Conditional Acces policy configured for any of your services in the Azure Portal?

COuld you send me a screenshot of your conditional access tab in the Azure Portal please?

 

BR
Stephan

Hello Stephan,

Here is a screenshot of the conditional access - policies :

stream02.jpg

 

We noticed also that we experience the same problem with the Teams Portal, exact same error.

 

Regards,

Marc

 

HI Marc,

 

These are just the AAD CA rules.

Could you browse to the Intune CA rules page under https://portal.azure.com/#blade/Microsoft_Intune_DeviceSettings/ExchangeConnectorMenu/aad/connectorT... and send me screenshot?

 

Regards

Hello Stephan,

Well the problem is worse today, I can't even sign in on TechCommunity, I had to use my personnal account.

I went to the Intune part and there are a lot of errors.

Here are the screenshots :

intune01.jpgintune02.jpgintune03.jpg

The error message is :

{  "error": {    "code": "UnknownError",    "message": "{\"ErrorCode\":\"Forbidden\",\"Message\":\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 0d77d326-9228-4708-8bf5-6f1cf54add5f - Url: https://fef.msub03.manage.microsoft.com/StatelessAppMetadataFEService/deviceAppManagement/mobileApps... - CustomApiErrorPhrase: \",\"Target\":null,\"Details\":null,\"InnerError\":null,\"InstanceAnnotations\":[]}",    "innerError": {      "request-id": "6ad512c6-58a7-405d-937e-1107efce2d50",      "date": "2017-06-29T05:47:16"    }  }}

 

Thanks again for your help

Marc

 

Ok seems that your Intune tenant is not migrated to the new Azure portal atm.

Please browse to https://admin.manage.microsoft.com/ and go to policies - conditional access and send me a screenshot from your CA policies please..

Regards

Stephan,

Yes, there was indeed a policy :

intune04.jpg

 

I configured my account in an exempt group and bingo.... everything is working (at least I can login in Stream, Teams now)

Thanks for putting me on the right track, our Intune admins had looked multiple times saying there was nothing....

Many thanks

Marc

Glad to hear!

Have fun using Stream and Teams!

BTW you could checkout this post http://www.cloudguy.pro/posts/204 on how to use Stream inside Teams...

Regards

May I ask you one last question ?

Our management doesn't want us to allow the use of ExchangeOnline/OutlookOnline but why does Stream, Teams etc... needs the user to have access to Exchange Online ?

 

Thanks for the link it will certainly be of a great help as I am totally new in all of this :)

 

Marc

 

Well many of your user properties are stored in your Exchange Online mailbox profile.

That's why all services may connect to Exchange Online or SharePoint Online at some point.

So you have to be careful with your CA policies ;)


BR

Thanks Stephan, we learn indeed the hard way to be cautious with policies :)

 

Regards

 

Marc