Outlook password issues, Conditional Access and MFA

NP 461 Reputation points
2024-01-18T04:05:22.7933333+00:00

Not sure if this is the right forum / tag.

We are a hybrid setup; user accounts and laptops are all AD joined.

We recently set up Conditional Access policies to require MFA when not on a trusted IP for Outlook, Teams, etc.

We have found that since doing this, users get the below pop-up randomly, and if they click OK instead of 'No, sign in to this app only', it adds their laptop into Work/School in the control panel. Users then start having random issues where, if they are on our network in the office, their Outlook says 'Need Password', which isn't accepted, and the only way is to disconnect it from Work/School in the control panel.

Can anyone advise on where to start troubleshooting? We ideally don't want them to register the laptop in Work/School, but this only seems to have started with the Conditional Access with MFA setup.

User's image

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Navya 15,150 Reputation points Microsoft Vendor
    2024-01-18T17:05:01.5166667+00:00

    Hi @NP ,

    Thank you for posting this in Microsoft Q&A.

    If your organization's users accidentally clicked the 'Allow my organization to manage my device' option, it means your device must be registered in Microsoft Entra ID. There are two ways to fix this popup.

    1. Disconnect the account from the work or school account. Even after you disconnect, you may remain signed in to Microsoft Teams, Outlook, etc. As you mentioned, I believe you tried this option.

    2. If you have admin access in Microsoft Entra ID, you can use the steps below to remove your device.

    a. Go to Microsoft Entra ID and sign in to your admin account.

    b. Select Users under Identity -> select the username -> click Devices.

    c. Then select the devices and check whether the join type 'Azure AD registered' is present in the list. If it exists, select the device and click Delete at the top. Under Confirm Delete, select Yes.

    In this way, the device must be removed from Microsoft Entra ID, and you should be able to manage it hybrid, like before.

    To fix this popup in the future, I suggest going to this third-party document that will provide assistance. https://msendpointmgr.com/2021/03/11/are-you-tired-of-allow-my-organization-to-manage-my-device/#:~:text=When%20it%20comes%20to%20this%20notification%2C%20we%20don%E2%80%99t,Close%20the%20window%20by%20click%20on%20X.%20

    Hope this helps. Do let us know if you have any further queries.

    Thanks,
    Navya
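
Steps a to c of the answer above can also be carried out with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original answer; it assumes the Microsoft.Graph module is installed, and the Windows-only filter is an assumption made here so that the user's registered phones are left alone.

```powershell
# Added example, not from the original thread. Requires the Microsoft.Graph module.
# Pass the affected user's UPN when running the script.
param(
    [Parameter(Mandatory)]
    [string]$UserPrincipalName
)

# Listing a user's registered devices and deleting device objects
# both need directory permissions.
Connect-MgGraph -Scopes 'Directory.Read.All', 'Directory.AccessAsUser.All'

# Graph exposes the portal's "join type" as trustType:
#   Workplace = "Azure AD registered"
#   AzureAd   = Entra joined
#   ServerAd  = hybrid joined (the state the laptops should stay in)
$registered = Get-MgUserRegisteredDevice -UserId $UserPrincipalName -All |
    Where-Object {
        $_.AdditionalProperties['trustType'] -eq 'Workplace' -and
        # Assumption: only Windows laptops are in scope. Phones enrolled for
        # MFA apps can also appear as Workplace and should not be deleted here.
        $_.AdditionalProperties['operatingSystem'] -eq 'Windows'
    }

if (-not $registered) {
    Write-Host "No 'Azure AD registered' Windows devices found for $UserPrincipalName."
    return
}

# Show what was found before anything is deleted.
$registered | ForEach-Object {
    [pscustomobject]@{
        DisplayName = $_.AdditionalProperties['displayName']
        OS          = $_.AdditionalProperties['operatingSystem']
        TrustType   = $_.AdditionalProperties['trustType']
        ObjectId    = $_.Id
    }
} | Format-Table -AutoSize

# -Confirm prompts per device, mirroring the portal's "Confirm Delete" step.
# The hybrid-joined (ServerAd) object for the same laptop is excluded by the
# filter above, so it is never removed.
foreach ($device in $registered) {
    Remove-MgDevice -DeviceId $device.Id -Confirm
}
```

A laptop that was registered by accident usually shows up twice under the user, once as ServerAd and once as Workplace; only the Workplace entry is the one the answer asks you to delete.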

