Intune and Azure AD Conditional Access
I see that you've added Teams to the list of managed applications for mobile devices. Can you now add it to the list of conditional access applications?
We know this has been an ask for a while now and it is now being released!
The macOS app for Microsoft Teams now supports device-based conditional access for Azure Active Directory and Intune. This enables IT admins to manage macOS devices with Intune and create policies to secure the data in Teams and prevent leakage on untrusted devices. Using conditional access policies, organizations can, for example, restrict access to Teams to devices that comply with the company’s security policy or require multi-factor authentication.
You can read more about it on the Teams’ blog.
Thank you for your feedback! -Warren
8 comments. Comments are closed.
This is still an issue for my organization. It also does not work with Forms, which was released this weekend.
Are there any official updates regarding this?
Signing in to Planner from within Teams is blocked when Conditional Access for Exchange / SharePoint Online is active.
The sign-in thinks you are using Chrome and asks you to install the Chrome extension (sign-in still doesn't work, even if the extension is installed and sign-in in Chrome works).
It's a shame when Microsoft products don't support their own security measures like Conditional Access. Teams used to have more issues with Conditional Access that have been mostly fixed. Please let us know if you are aware of this Planner issue and if you are working on a fix.
Jeff Olive commented
What's the latest news from MS on when Teams for iOS and Android will be a supported Conditional Access app?
Need the ability to require MFA for the Teams Mobile app.
Our team is trying to move users from Slack to Teams. With EMS unable to handle Teams, we are unable to move forward. Additionally, as Slack becomes more embedded, it will be that much harder to replace.
I have the same issue. Working in a financial institution, we have to use conditional access for SpO and ExO, but it kills iOS and Android app access for both Groups and Teams. Groups I can live without, as conversations can be seen in Outlook (now) and files etc. through SharePoint and OneNote. Teams, however, is the only place I can get to chat conversations, which can be critical when on the road. I am somewhat surprised that the mobile app hasn't been built from the outset to work in with CA. I am having conversations with MS in NZ on this, who seem to share my frustration.
We are working on what you've asked for. Curious to know about the bad experience you had in the iOS and Android apps (when your device is registered but you still get an error...). Please share more details or file a ticket with Microsoft.
Louis Simonetti commented
When Azure Active Directory service-based conditional access is applied to SharePoint Online and Exchange Online, the Teams Windows desktop application does not fully work with the Planner tab. Then, there is also an issue where the iOS and Android applications have the error message that, even though the device is compliant or registered in Intune, the message states the administrator has not approved this application. However, when using an account not in the conditional access policies, all application platforms work as one would expect. So, either add Teams to Azure Active Directory as a SaaS solution, unique from the other products, or fix the mobile clients and Planner integration when device-based conditional access is applied.