This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 88%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJA%3C/text%3E%3C/svg%3E)
Hello,
I have created a Conditional Access policy with the following settings:
Target Resources: All cloud apps
Conditions: Client apps (Configure: Yes) and they're all selected.
Grant: Require authentication strength
And I have created a custom authentication strength that asks for the password and a push notification to the Microsoft Authenticator App.
However, the issue is that when the policy is enabled, users are automatically signed out of their Microsoft Apps (Teams, Outlook)
And when trying to sign is they get the error message attached.
Does anyone know why and how can I fix this please?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 48%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
I managed to fix this after couble of days of fighting, by revoking MFA sessions and requestiiong re-register MFA in Entra for the problematic user