Intune: Conditional Access and Microsoft Teams App

If you are using a conditional access policy to block/allow specific apps, you may find yourself unable to sign into Microsoft Teams. Users that fail compliance will see the above error message.

You cannot access this right now. Your sign-in was successful but does not meet the criteria to access this resource. For example, you might be signing in from a browser, app, or location that is restricted by your admin.

Unfortunately this can happen even if Microsoft Teams is explicitly allowed (or not blocked). What should be done?

Well, the thing about Microsoft Teams is that it requires other apps to be open and allowed as well. Specifically:

  • Skype for Business Online
  • Exchange Online
  • Sharepoint Online

So make sure that all these services are allowed and not blocked, and you should be able to get past compliance to authenticate into Microsoft Teams.

Intune: Using Compliance to Block Console Access

A compromised Office 365 administrator account can cause a lot of havoc within a company’s IT infrastructure. One of the ways Microsoft protects its customers is with compliance policies. Above is what you will see if you try to log into an Office 365 console without meeting compliance.

Within Azure, you can configure compliance and conditional access policies. I won’t go into deep detail about every option, but in general these policies work together to allow/block access based off device type, enrollment, and configurations. For example, you may require that any device that connects to Exchange Online must be marked as compliant within Azure.

If you suddenly are unable to log into Office 365 and get a compliance error, make sure to check your conditional access policies. You can even enable/disable each conditional access policy until you find the one causing your problem.