Article ID: 2619789 - View products that this article applies to.
After you apply an Active Directory Federation Services (AD FS) client access policy, federated users experience one of the following symptoms when they try to access Office 365, Microsoft Intune, or Microsoft Azure:
To work around this issue, remove the client access policy from the AD FS federation server on the primary node in the AD FS federation server farm. To do this, follow these steps:
Resolution 1: Implement an AD FS federation server proxy as part of the identity federation architectureFor more info about how to implement AD FS 2.0 federation services, go to the following Microsoft website:
Plan for and deploy Active Directory Federation Services 2.0 for use with single sign-on
Resolution 2: Check the client access policyCheck that the client access policy was applied correctly. For more info, go to the following Microsoft TechNet website:
Limiting Access to Office 365 Services Based on the Location of the ClientFor help in setting up client access policy rules in AD FS SSO, contact Office 365 technical support.
This issue may occur if one of the following conditions is true:
Still need help? Go to the Office 365 Community
(http://community.office365.com/)website or the Azure Active Directory Forums
Article ID: 2619789 - Last Review: December 12, 2014 - Revision: 16.0