To-do app Azure Conditional Access support

Frequent Contributor

Anyone know if this is coming soon?  We can't use the mobile app since it doesn't support Conditional Access in Azure.

18 Replies
best response confirmed by Joe McGowan (Frequent Contributor)
 Hello Joe
Thank You so much for your valuable suggestion! User feedback and suggestions are really important to us as we work to improve Microsoft To-Do.
Currently we do not have support for conditional Access and Mobile Device Management, but we are actively working on adding this with one of our next versions of application updates.
However you can use our public beta version if you are using android platform .
In the meantime, we encourage all our users to post their ideas for future features and up-vote similar suggestions on "Microsoft To-Do User Voice"  -
We base our choices for future features on what our users most request, so you should add your ideas, comments, and votes!
Thank you for your patience as we work on this and many other improvements to Microsoft To-Do!
Best Regards,
Kiran Teja

@Kiran Thalakokkula


If you could update this thread when this feature is added I would appreciate it!  Thanks again.

Hello Joe


Thank You for your feedback and I will appreciate your patience .

Sure we will update the same thread when this feature is implemented .


Best Regards

Kiran Teja

This has been logged on user voice since 2017 and has over 300 votes. Can we please get a better idea of how long this will take.

Someone in that thread mentions a workaround, can anyone confirm this works for them?
#1 - add the app via Mobile apps, like you would any normal app store app
#2 - whatever your normal iOS or Android base policy, Mobile Apps - App protection policies, Target Apps, click more apps, look at the bottom where you can add the package app (uri)
#2a for iOS add this package app (uri)
#2b for Android add this package app (uri)
#3 - save and test
Good to see this at the top of the list. The whole reason I came to this board to ask this same question! Headed to uservoice now.

FYI: I followed the potential workaround steps but they didn't work.

I still get the "you can't get there from here" message

This has been added to the list of "Approved Apps" on the web page here


but I get the following message when I try to login

"Application used is not an approved application for conditional access. User needs to use one of the apps from the list of approved applications to use in order to get access." 


Does the client need to be updated?

This is great, finally!

It's working for me now on the Insider (beta) version of the Android To Do app

Interesting. Is there anything in your Intune/Conditional Access policies that references To-Do itself?

THis is only working for us on the Insider/beta To Do app at the moment


In our Conditional Access policy it is just set to "require approved client app" in the access controls

I also have To Do added as a Client app in the manage/Apps blade but it isn't assigned to anyone


In our Intune App Protection Policy Ihave added a custom app to the Targeted Apps

For Android policy:

For iOS policy:

The policy settings currently allow them to use any app



Having this same issue. Did you get it resolved yourself?

Hi @fgocinski, yes I got this working. The problem for us was that were using old Conditional Access policies (Classic CA policies). These were hidden in our Azure portal. Once we were able to delete them, To_Do worked fine for us.

We were using the old CA polices as well, and this is what I suspected to be the issue because our CA rules were still working. Where did you end up finding these "Classic Polices"? Nothing is listed when I am under Azure, CA, then "classic polices"... Thank you!

Hi @fgocinski, I had to go through a special link that an Azure/Intune support engineer provided. It took me about six different support people to find one who understood what I was talking about though!


This is the link they provided


Hope it helps.

Well I only had three more engineers left to talk to then I guess! I was talking to #3 and not getting any help. I even told them I suspected old CA rules were the root cause and got nothing. 


Thank you so much David!


This really needs to be on Microsoft's Intune documentation for early Intune adapters.

Yes, I was using the old CA rules that only allowed certain apps access Office 365 services.


What was really annoying was that Azure was telling me I still had Classic CA policies when I did a "What if" check but I couldn't find. I've no idea why they hid these policies. 

Agreed, they hid the polices, yet had a page designed to show the classic polices. Why hide them? Makes NO sense and has taken hours of my life away trying to figure this out.