What does “your sign-in was successful but your admin requires your device to be managed” mean?

If you’ve tried to sign into your Microsoft 365 account and seen this message, “your sign-in was successful but your admin requires your device to be managed,” then you might want to know what it means. So, in this guide, we will tell you what it means and how to solve it.

What does “your sign-in was successful but your admin requires your device to be managed” mean?

If you face an error message when signing-in to Microsoft 365 that states, “your sign-in was successful but your admin requires your device to be managed” it means your login credentials are correct, but you don’t have permission to use your current device.

To solve the error, you will need an Azure Admin to grant access to your device or exclude network access by IP instead of devices.

In this blog, we will show you how to resolve this error and see if you can lift restrictions on unmanaged devices to allow access.


How to fix the error “your sign-in was successful but your admin requires your device to be managed” in Microsoft 365

  1. First, sign in to your Office 365 account.
  2. Use the app launcher and navigate to “Admin.
  3. In the admin dashboard, under “Admin centers,” click on “Azure Active Directory” (you may need to click “Show all” to view all admin centers).
  4. In the Azure Active Directory, click on “All services.
  5. Now scroll down the list and click on “Azure AD Conditional Access” in the “Security” group.
  6. Select the restriction policy.
  7. Finally, either delete the policy or refine settings to exclude network access by IP instead of devices.

Network IP restrictions will apply to certain IP addresses and only allow access to the ones that are allowed access. You can still maintain security however, IP restrictions often may be quite difficult to manage correctly especially if you have hundreds of devices on your server all needing to be connected. You can import an IP list if needed and Microsoft is aware a lot of devices may need to be connected by IP.

azuredevs

Empower your devs with DevSecOps
Give your devs the tools they need to create & deliver secure, innovative applications quickly and collaboratively.

Get expert help migrating & modernising
Set up your cloud environment confidently with help from the Azure Migration & Modernisation Programme.
azure windows30 day FREE trial

Follow these steps to restrict IP addresses

  • Click on “New Policy.”
  • Name the policy.
  • Assign the users you want to block to this policy.
  • Now under “Access controls,” the grant should be “Block access.”
  • Set “Enable policy,” report to “On.”
  • Finally, click on “Save.

That’s all; anonymous IPs access to your server has been properly limited. You won’t be able to provide the user Office 365 access until the policy is removed, which will safeguard your account against anonymous users. These useful capabilities in AzureAD allow administrators to have greater control over how users interact with their domains. This level of control not only offers administrators more control and administration over their users, but it also improves data security by denying access inside your domain, reducing the risk of classified information being leaked.

security office365 windows 11
info Recommended Software

Remove restrictions on unmanaged device access to fix the managed device sign-in error

Users with administrator positions can limit access on unmanaged devices or give access back by removing them from, by following the methods outlined below. If these devices are totally prohibited, they will have no access to the app or the web app; if the “Allow limited web-only access” option is enabled, they will have extremely limited access. Both of the choices below will limit downloads as part of the restricted functions’ goal responsibilities on unmanaged devices. This will also prevent access to an account despite being a successful sign-in. Follow the steps below to remove restrictions from unmanaged devices.

  • First, sign in to your Office 365 account.
  • Use the app launcher and navigate to “Admin.”
  • Click on “Show All” to reveal “Admin centers.”
  • Here, click on “SharePoint.”
  • Under “Policies” click on “Access control.”
  • Click on “Unmanaged devices.”
  • Click “Allow full access” or “Allow limited web-only access,” both will allow you successfully sign in.
  • Then click on “Save.”
surface pro 8Surface Go 3surface pro 8

Impact on applications

Access and download restrictions may have an impact on the user experience in specific programs, including Microsoft Office products. We propose that you enable the policy for a few users and test the experience with your company’s apps. When your policy is turned on in Office, be sure to examine the behavior in Power Apps and Power Automate.

Apps that use an ACS app-only access token are blocked by default for new tenants. The Azure AD app-only architecture, which is more contemporary and secure, is recommended. However, by running set-potent -DisableCustomAppAuthentication $false’, you may modify the behavior (needs the latest SharePoint admin PowerShell).


How to fix the error “your sign-in was successful but your admin requires your device to be managed” (in-depth process)

Step by step breakdown:

Use your account details or if you have a current Skype account with the Office account in question, you can use this.

  • Use the application launcher to navigate towards “Admin.”

The launcher is illustrated by nine dots in the right corner, click on it and find “Admin” as shown above.

  • In the admin dashboard, under “Admin centers,” click on “Azure Active Directory” (you may need to click “Show all” to access).

In this example “Azure Active Directory” was pinned to the menu bar, however, in your dashboard you may need to click on “Show all” which will bring you to the Azure Active Directory panel.

  • Click on “All services.”
  • Now click on “Azure AD Conditional Access.”
  • Select the restriction policy.
  • Finally, either delete the policy or refine settings to exclude network access by IP instead of devices.

That’s it for this Blog thank you for taking time out to read our content, please feel free to email our team about how it went if you followed the steps or if you need more help with the questions we answered in this Blog.

Need help? This is a free service for Business Tech Planet readers. Pop in your problem below and we'll be in touch soon!

Saajid Gangat

Saajid Gangat has been a researcher and content writer at Business Tech Planet since 2021. Saajid is a tech-savvy writer with expertise in web and graphic design and has extensive knowledge of Microsoft 365, Adobe, Shopify, WordPress, Wix, Squarespace, and more! You can connect with Saajid on Linkedin.

Recent Posts