Conditional Access Exception For Teams not working

Sambhav Sharma 61 Reputation points
2024-09-16T04:02:18.3166667+00:00

Setting up a conditional policy to allow All Cloud Apps only if they meet both the conditions to Grant Access

  1. Require multifactor authentication
  2. Require device to be marked as compliant

Adding Microsoft Teams Services as Excluded App but the policy still blocks Teams .

Is there any way that we can block all cloud apps and exclude Teams from the Policy.

We want to block all access for users if they aren't using the Office devices, however giving them option to use Teams for communication.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,711 questions
{count} votes

Accepted answer
  1. Harpreet Singh Matharoo 8,111 Reputation points Microsoft Employee
    2024-09-18T10:59:11.52+00:00

    Hello @Sambhav Sharma ,

    Thank you for reaching out to Microsoft QnA forum. I would like to confirm that this might not be possible due to service dependency. Since Microsoft Teams is bundle of services and is dependent on various downstream or upstram services like SharePoint, Planner, Exchange, Stream, etc.

    As a best practice, you should set common policies across related apps and services whenever possible. Having a consistent security posture provides you with the best user experience. For example, setting a common policy across Exchange Online, SharePoint Online, and Microsoft Teams reduces prompts that might arise from different policies being applied to downstream services. A great way to accomplish a common policy with applications in Microsoft 365 is to use the Office 365 app instead of targeting individual applications.

    For example, Microsoft Teams can provide access to resources in SharePoint Online. So, when you access Microsoft Teams, you're also subject to any policy that might be applying to any of dependent upstream or downstream service.

    User's image

    For more information, please review following article: https://learn.microsoft.com/en-us/entra/identity/conditional-access/service-dependencies

    I hope this helps. I hope this helps and hence would request you to please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.