@Kiran Thalakokkula

If you could update this thread when this feature is added I would appreciate it!  Thanks again.

Hello Joe

Thank You for your feedback and I will appreciate your patience .

Sure we will update the same thread when this feature is implemented .

Best Regards

Kiran Teja

FYI: I followed the potential workaround steps but they didn't work.

I still get the "you can't get there from here" message

This has been added to the list of "Approved Apps" on the web page here https://docs.microsoft.com/en-gb/azure/active-directory/conditional-access/technical-reference#appro...

but I get the following message when I try to login

"Application used is not an approved application for conditional access. User needs to use one of the apps from the list of approved applications to use in order to get access." 

Does the client need to be updated?

This is great, finally!

It's working for me now on the Insider (beta) version of the Android To Do app

Interesting. Is there anything in your Intune/Conditional Access policies that references To-Do itself?

THis is only working for us on the Insider/beta To Do app at the moment

In our Conditional Access policy it is just set to "require approved client app" in the access controls

I also have To Do added as a Client app in the manage/Apps blade but it isn't assigned to anyone

In our Intune App Protection Policy Ihave added a custom app to the Targeted Apps

For Android policy: com.microsoft.todos

For iOS policy: com.microsoft.to-do

The policy settings currently allow them to use any app

Having this same issue. Did you get it resolved yourself?

Hi @fgocinski, yes I got this working. The problem for us was that were using old Conditional Access policies (Classic CA policies). These were hidden in our Azure portal. Once we were able to delete them, To_Do worked fine for us.

We were using the old CA polices as well, and this is what I suspected to be the issue because our CA rules were still working. Where did you end up finding these "Classic Polices"? Nothing is listed when I am under Azure, CA, then "classic polices"... Thank you!

Hi @fgocinski, I had to go through a special link that an Azure/Intune support engineer provided. It took me about six different support people to find one who understood what I was talking about though!

This is the link they provided 

https://portal.azure.com/?microsoft_aad_iam_classicPolicyDontHide=true#blade/Microsoft_AAD_IAM/Condi...

Hope it helps.

Well I only had three more engineers left to talk to then I guess! I was talking to #3 and not getting any help. I even told them I suspected old CA rules were the root cause and got nothing. 

Thank you so much David!

This really needs to be on Microsoft's Intune documentation for early Intune adapters.

Yes, I was using the old CA rules that only allowed certain apps access Office 365 services.

What was really annoying was that Azure was telling me I still had Classic CA policies when I did a "What if" check but I couldn't find. I've no idea why they hid these policies. 

Agreed, they hid the polices, yet had a page designed to show the classic polices. Why hide them? Makes NO sense and has taken hours of my life away trying to figure this out.