Conditional Access blocking Microsoft Store for Business apps deployed through Intune
When a Conditional Access Policy is configured to block All cloud Apps if the Win10 device is NOT compliant, this significantly delays installations from the Microsoft Store for apps like 'Company Portal'. In addition, if the compliance also requires Bitlocker to be in place, at least one reboot is required, further delaying initial machine setup.
I believe the cloud app in question is called 'Universal Store Service APIs and Web Application'. I have raised and identified this issue with MS support in the case number 118070218497552.
Ask: Please flight the cloud app(s) in question for Conditional Access. Currently it cannot be exempted.
On a related note, the following Intune related components suffer from the same limitation:
- Windows 10 Activation and step-up from pro to Enterprise
- Intune Management Extension aka Sidecar (used to deploy PowerShell and Win32 apps). Raised this in case 118110125001513.
Sascha Reichhardt commented
same problem. In a Autopilot Enrollment, Company Portal Installation fails.
I have a customer who wants to apply CA policies directly to the MSSfB to require a device be HAADJ.
Facing the same issue.