We have a cohort of users who have a conditional access policy applied to them that blocks them accessing Office 365 remotely, unfortunately this also blocks the local office applications on their machines because it won't allow an authentication token to be issued.

I've looked at tweaking the conditional access policy but can't see what it is i have to exclude to allow the authentication to still take place.

Any hep gratefully accepted.