This is a problem we’re aware of and working on how best to address this use case.
Thanks

Nick Donovan supported this idea · Nick Donovan commented
I don't know if I'm also having a similar issue. Currently we are trying to build a LOB application for iOS. I am using MS Authenticator to handle the brokering of the authentication for my LOB app to Azure. We would like to use this app on both MDM and MAM-WE devices. We have the two options ticked in our conditional access policy which grant access: 'Require device to be marked as compliant' or 'Require approved client app'. Either of these will grant access from our CA policy.
Obviously coming from a MAM-WE device then the device will not be compliant as it is not enrolled. However if I turn this option off then I will be presented with: "You can't get there from here. It looks like you are trying to open this resource with an app that hasn't been approved by your IT department. Ask them for a list of approved apps." This comes from the second option in my CA policy. I am receiving this message from a web view within the MS Authenticator iOS app.
If MS Authenticator gets added as an approved app, will this CA policy pass and let me access my LOB app?
Been struggling to find something about this.