Troubleshooting Conditional Access On A Device
Issue: Error On First-time Registration with Azure
A user added to the Microsoft Azure Compliance Policy attempts to log into an Office 365 app for the first time on a device. When redirected to register the device with Azure, they receive the following error message:
Something went wrong. An unanticipated error occurred. Your IT department may be able to help.
This is because the user was not allocated the appropriate Microsoft 365 license by their administrator.
Remedy
Procedure
Issue: Non-compliant devices can access Office 365 apps
A user is able to log into Office 365 apps on their device regardless of whether the device is compliant or non-compliant.
This is because the user was not allocated the appropriate Microsoft 365 license by their administrator.
Remedy
Procedure
Issue: Removal of Office 365 Access Not Immediate
A common expectation is that users and/or devices lose access as soon as the device becomes non-compliant. This is not always the case. Users can lose access on devices registered as Microsoft User Mode. Devices lose access if registered as Microsoft Shared Mode. The delay occurs because the Microsoft authorization token refresh interval controls when conditional access changes take effect. A session condition on the conditional access policy determines this interval. Once the token expires, the user must log into the app again.
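To see which interval applies, an administrator can list the policies that require a compliant device together with their session setting. The following is an added example, not part of the original procedure. It assumes the "session condition" is the sign-in frequency session control, and the function name `Get-CompliancePolicySession` and the sample policies are constructed for illustration.

```powershell
# Added example: policy objects follow the Microsoft Graph conditionalAccessPolicy shape.
# Assumption: the "session condition" is the sign-in frequency session control.
function Get-CompliancePolicySession {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy
    )
    process {
        # Skip policies that do not gate access on device compliance.
        if ($Policy.GrantControls.BuiltInControls -notcontains 'compliantDevice') { return }

        $sif = $Policy.SessionControls.SignInFrequency
        $interval = $null
        if ($sif -and $sif.IsEnabled -and $sif.Value) {
            # Convert the configured value and unit into a TimeSpan.
            $interval = switch ($sif.Type) {
                'hours' { New-TimeSpan -Hours $sif.Value }
                'days'  { New-TimeSpan -Days $sif.Value }
            }
        }
        [pscustomobject]@{
            Policy          = $Policy.DisplayName
            Enforced        = ($Policy.State -eq 'enabled')  # report-only or disabled policies do not block
            SignInFrequency = $interval                      # empty when no session control is set
        }
    }
}

# Constructed sample policies (not from a real tenant).
$samplePolicies = @(
    [pscustomobject]@{
        DisplayName     = 'O365 - require compliant device (constructed)'
        State           = 'enabled'
        GrantControls   = [pscustomobject]@{ BuiltInControls = @('compliantDevice') }
        SessionControls = [pscustomobject]@{
            SignInFrequency = [pscustomobject]@{ IsEnabled = $true; Type = 'hours'; Value = 4 }
        }
    },
    [pscustomobject]@{
        DisplayName     = 'O365 - compliant device, no session control (constructed)'
        State           = 'enabledForReportingButNotEnforced'
        GrantControls   = [pscustomobject]@{ BuiltInControls = @('compliantDevice') }
        SessionControls = $null
    }
)
$samplePolicies | Get-CompliancePolicySession | Format-Table -AutoSize

# Against a live tenant (Microsoft.Graph module, Policy.Read.All scope):
# Connect-MgGraph -Scopes 'Policy.Read.All'
# Get-MgIdentityConditionalAccessPolicy -All | Get-CompliancePolicySession
```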