This is also possible in addition to the one-time administrative approval from solution 1. Solution approach 2: Enable Administrator Consent request #Īlternatively, you can activate that users can request the approval of an app. The app should be listed in Azure AD under “Enterprise applications” -> “All applications” now.Īfterwards the users should be able to access their Calendar/Contacts in Exchange Online using iOS. The error AADSTS900561 may be ignored in this case. If you crafted the URL as described in Step 1 and 2, you’ll receive an error now, because the redirect URL points to. The query “Permission requested - Accept for your organization - Apple Internet Accounts” must be confirmed with “Accept”. Step 3: Grant permission as admin for the whole Tenant # The client_id in the URL is the ID of Apple Internet Accounts. The generated URL can then be accessed with Tenant Admin (Global Administrator) rights. The placeholder has to get replaced with the actual TenantID from Step 1 in the following URL. You’ll find it on the “Overview page in Azure Active Directory” (marked red in the following screenshot). Step 1: Find out TenantID #įirst of all you have to find out the Tenant ID of the Azure AD Tenant. Update : It’s usually not necessary anymore to craft the url manually. There are several possible solutions without simply unlocking all third-party apps. This setting should be kept to “No”! The fact that the end user is not allowed to allow any apps (and therefore can’t get ahead here) is exactly what you want to protect company data from unauthorized access. The option is called “Users can consent to apps accessing company data on their behalf”. in Azure AD under “Enterprise applications” -> “User settings”. This recommended setting can be set so that end users cannot simply authorise third-party apps to access company data. The user approval is deactivated tenant wide.No user or administrator approval has yet been granted for Apple Internet Accounts in this tenant.Access to resources of an Office 365 Tenant by a third-party app is only possible after explicit approval. Apple Internet Accounts app is required by Apple iOS to access the user’s Office 365 resources. ![]() The following reasons have caused this message: However, the previous AppID has remained the same. Please ask an admin to grant permission to this app before you can use it.īy the way, the app used to be called “iOS Accounts” and was apparently renamed in early 2020. When the first users logged into Office 365 with his iPhone to sync his Contacts and Calendar, he got this dialogue:Īpple Internet Accounts needs permission to access resources in your organization that only an admin can grant.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |