I have a Conditional Access Policy that requires a device be compliant to access the resource.
As the title states, I have a CAP that requires a device to be compliant to access the resource. Most of the devices fail when trying to access Exchange Online using the native mail app, but do pass when using the Outlook App.
When authenticating I am brought to a login.microsoft.com webpage and it just seems to be stuck in a loop.
- Application: Apple Internet Accounts
- Resource: Office 365 Exchange Online
Here is one example, but it follows a pattern for these devices.
Device A: Enrolled and Compliant in Intune and fails the CAP
Device B: Enrolled and Compliant in Intune does not fail the CAP.
When looking at the sign-in event under Device Info:
Device A:
- Device ID: <Blank>
- Browser: Mobile Safari 26.3
- Operating System: iOS 18.7.0
- Compliant: No
- Managed: No
- Join Type: <Blank>
Device B:
- Device ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
- Browser: Mobile Safari 26.4
- Operating System: iOS 18.7.0
- Compliant: Yes
- Managed: Yes
- Join Type: Azure AD registered
In Intune there is an Intune ID and a Microsoft Entra ID.
In Entra I do see the device Enabled = Yes & Compliant = Yes.
I hope someone has some insight to this.