Update: Issue with Azure AD Conditional Access and macOS

Following up on my previous article, published on the 1st of May, I’m happy to say that a fix is now known for this issue.

Reminder

After an end user updated his Mac to macOS 10.15.4, he experienced unexpected app access prompts or was blocked from applications such as the native Mail app. The macOS device was enrolled in Intune and there was a conditional access policy requiring a compliant device.

Explanation

Microsoft and Apple discovered that upgrading to macOS 10.15.4 exposed a bug in authentication for several apps, including Mail and Calendar (despite existing enrollment or compliance).

Analysis

If you use conditional access on macOS, be aware that not all apps will be available after updating to macOS 10.15.4.

As an admin, if you’re wondering whether your end users have run into this known issue, you can tell by checking that:

  1. you have set conditional access rules requiring a compliant device
  2. you’ll likely see conditional access failures in the Azure AD blade under sign-ins. 
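
One way to run this check over an exported sign-in log (an added example, not part of the original article). Field names follow the Microsoft Graph `signIn` resource; the sample records, the `operatingSystem` strings and the `compliant_users` input are constructed assumptions.

```python
from collections import defaultdict

def _rec(upn, app, ca_status, os_name):
    # Builds a constructed record shaped like a Microsoft Graph signIn object.
    return {"userPrincipalName": upn, "appDisplayName": app,
            "conditionalAccessStatus": ca_status,
            "deviceDetail": {"operatingSystem": os_name} if os_name else None}

# Constructed sample data, not real tenant logs. App names are placeholders.
SAMPLE_SIGNINS = [
    _rec("alice@example.com", "Native Mail", "failure", "MacOs"),
    _rec("alice@example.com", "Native Calendar", "failure", "MacOs"),
    _rec("bob@example.com", "Native Mail", "success", "MacOs"),
    _rec("carol@example.com", "Native Mail", "failure", "Windows 10"),
    _rec("dave@example.com", "Native Mail", "failure", "MacOs"),
    _rec("erin@example.com", "Native Mail", "failure", None),  # no device detail
]

def macos_ca_failures(signins, compliant_users):
    """Group macOS sign-ins that failed conditional access by user.

    compliant_users: UPNs whose Mac is enrolled and compliant in Intune
    (hypothetical input, e.g. taken from a device compliance export).
    """
    report = defaultdict(lambda: {"apps": set(), "failures": 0})
    for r in signins:
        # deviceDetail can be missing or null; treat that as "OS unknown".
        os_name = (r.get("deviceDetail") or {}).get("operatingSystem") or ""
        if "mac" not in os_name.lower():
            continue
        if r.get("conditionalAccessStatus") != "failure":
            continue
        entry = report[r["userPrincipalName"]]
        entry["apps"].add(r["appDisplayName"])
        entry["failures"] += 1
    # Users failing CA although Intune reports their Mac compliant are the
    # ones to compare against the known issue first.
    return {upn: {**e, "compliant_in_intune": upn in compliant_users}
            for upn, e in report.items()}

if __name__ == "__main__":
    result = macos_ca_failures(SAMPLE_SIGNINS, {"alice@example.com"})
    for upn, e in result.items():
        print(upn, e["failures"], sorted(e["apps"]), e["compliant_in_intune"])
```

Records without a recognisable macOS `operatingSystem` value are skipped, so sign-ins with empty device detail need a separate review.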

Remediation

A fix for this issue will be included in the macOS 10.15.5 Beta. So, upgrade your macOS 😉
