Problem with macOS 10.15.4 native mail client and Azure Conditional Access
After updating to macOS 10.15.4, you could experience unexpected access app prompts or blocks to applications such as native mail. The macOS device was enrolled in Intune and there was a conditional access policy requiring a compliant device.
Currently, Microsoft – with the help of Apple – discovered that upgrading to macOS 10.15.4 exposed a bug in auth for several apps including mail and calendar (despite existing enrollment or compliance).
If you currently use conditional access on macOS, be aware that not all apps will be available after updating to macOS 10.15.4.
As an admin, if you’re wondering if your end users have run into this known issue, you can tell by validating that
- you have set conditional access rules requiring a compliant device, then
- you’ll likely see conditional access failures in the Azure AD blade under sign-ins.
Microsoft and Apple are working on a resolution and Micrsoft will update the following post when new information is available :