New SaaS app blocked because device platform not recognized
Scenario
A newly onboarded application fails under Conditional Access because sign-ins do not present expected device conditions.
Emergency policy exclusion removed during tenant cleanup
Scenario
A policy cleanup removed a critical exclusion and now an admin-only path is blocked.
Session sign in frequency policy causes repeated app prompts
Scenario
Users authenticate successfully, but desktop apps prompt far more often after a session control change.
Require compliant device policy blocks macOS browser sessions only
Scenario
macOS users in browsers are blocked while Windows users pass the same policy without issue.
Service desk excluded from MFA but registration campaign still interrupts
Scenario
Help desk staff are exempt from some MFA policies, but a registration campaign or security prompt still blocks onboarding work.
Guest users can access Teams but blocked from SharePoint
Scenario
External guests join Teams successfully, yet file access through SharePoint links fails under the same collaboration scenario.
Trusted location configured but travel users still blocked
Scenario
Users at approved sites sign in fine, but traveling staff routed through company VPN or mobile carriers are unexpectedly blocked.
Conditional Access blocks service account unexpectedly
Scenario
An automation workflow stops after a Conditional Access change begins applying MFA or device requirements to a service identity.