Forum Discussion
Weird Teams Conditional Access problem
Hi all,
I have a customer who has a restriction that only certain people are allowed access to Teams (and dependent 365 services) outside of the office locations on mobile devices.
This would normally be a straightforward rule, exclude the 'Office 365' group from a block policy for the group, create an affirmative policy requiring MFA for the 'Office 365' group of apps.
For some reason Teams isn't matching in the policy set for either the exclusion or the target policy.
In the conditional access logs it references an application called "Microsoft Teams Services" as the sign-in, this isnt something that can be selected for a Conditional Access policy to apply to. The CA logs also mention that Teams needed access to "M365 Tenant Feedback" although I suspect thats a red herring.
Has anyone else come across issues with excluding Teams (as part of 'Office 365' group or indepdently) from an 'all applications' block policy? or in targeting Teams as in a policy to 'require MFA' or other session control?
The user is accessing from an iOS device using the teams app.
4 Replies
Peter Holland We having same issue in our tenant. Its started couple of weeks ago, only on iOS device. We are using Office 365 apps exclusion in one of our BYOD CA Rule and we also noticing M365 Tenant Feedback in the logs when the connection is blocked but it shouldn't because Teams application should be excluded from the CA rule.
- I've asked one of our engineers to raise a ticket with Microsoft on this.
Peter Holland Hey mate, did you get any response from Microsoft or a workaround? We're having the same issue but Microsoft is just ignoring our tickets.
