This blog is part of a series on Teams. For more articles, check back often.
Written: 26/12/2021 | Updated: N/A
This blog will cover
- End user experience
Note: this blog may have some abridged steps, which assume some experience with a Microsoft 365 environment and Azure AD
- Azure AD Premium P1, P2, EMS E3, or EMS E5 subscription
- Global Administrator, Security Administrator or Conditional Access Administrator role
- Terms of Service PDF (Font is recommended at size 24 for mobile)
1.) Login to https://login.microsoftonline.com
2.) From the waffle, or from the left app rail, select Admin
3.) In the Microsoft 365 admin centre, from the left navigation, select Show All and then Azure Active Directory
4.) From the left nav, select Azure Active Directory
5.) Select Identity Governance
7.) Select New Terms
9.) Upload the PDF and set the default language. Add languages if required
11.) Set Require Users to consent on every device to On if you want users to accept the terms on every device from which they access the service
13.) Finally, under Conditional Access select Custom Policy, then select Create
14.) Add a Conditional Access Policy as follows: provide a Name, assign it to All Cloud Users and All Cloud Apps, and then under Grant select the Terms of Service you just created. Once done, Enable the policy and then select Create. At this point you could also add other controls to your Conditional Access Policy, such as enforcing MFA, or make the policy apply only to a single app such as Microsoft Teams
Important Note: You do not want to lock yourself out. If you are applying a Conditional Access policy to all users, it's really important to add an exception for a service account with Global Administrator permissions, so that if something goes wrong you can easily modify or remove the policy
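The lock-out guard from the note above, as an added example that is not part of the original blog: this Python sketch builds the step 14 policy as a Microsoft Graph conditionalAccessPolicy body and marks it enabled only when the emergency administrator account is excluded. The object IDs are constructed placeholders, the helper names are hypothetical, and falling back to report-only state is this example's assumption rather than a step from the walkthrough.

```python
import json

# Constructed placeholder object IDs; substitute values from your own tenant.
BREAK_GLASS_ID = "00000000-0000-0000-0000-0000000000aa"  # emergency admin account
AGREEMENT_ID = "00000000-0000-0000-0000-0000000000bb"    # the Terms of Service agreement


def build_tou_policy(name, agreement_id, exclude_users=()):
    """Build a Graph conditionalAccessPolicy body: all users, all cloud apps, ToU grant."""
    return {
        "displayName": name,
        "state": "disabled",  # the final state is decided by finalize()
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
            "applications": {"includeApplications": ["All"]},
        },
        "grantControls": {"operator": "OR", "termsOfUse": [agreement_id]},
    }


def lockout_findings(policy, break_glass_ids):
    """Return reasons the policy is unsafe to enforce; an empty list means none found."""
    users = policy["conditions"]["users"]
    findings = []
    missing = sorted(set(break_glass_ids) - set(users.get("excludeUsers", [])))
    if "All" in users.get("includeUsers", []) and (missing or not break_glass_ids):
        findings.append("targets All users without excluding break-glass account(s): "
                        + (", ".join(missing) or "none defined"))
    if not (policy.get("grantControls") or {}).get("termsOfUse"):
        findings.append("grant control references no Terms of Service agreement")
    return findings


def finalize(policy, break_glass_ids):
    """Enable only when no lock-out finding exists; otherwise keep the policy report-only."""
    findings = lockout_findings(policy, break_glass_ids)
    state = "enabled" if not findings else "enabledForReportingButNotEnforced"
    return dict(policy, state=state), findings


if __name__ == "__main__":
    risky, why = finalize(build_tou_policy("Require ToS", AGREEMENT_ID), [BREAK_GLASS_ID])
    safe, _ = finalize(build_tou_policy("Require ToS", AGREEMENT_ID, [BREAK_GLASS_ID]),
                       [BREAK_GLASS_ID])
    print(risky["state"], why)
    print(json.dumps(safe, indent=2))  # body for POST /identity/conditionalAccess/policies
```

The same `lockout_findings` check can be run over policies exported from the tenant to audit ones that already exist.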
END USER EXPERIENCE
Here it is when logging into the Microsoft Teams Desktop App. Scroll to the bottom and Accept
Here it is when logging into https://login.microsoftonline.com via Edge. Scroll to the bottom and Accept
Access is now resumed to Teams (Desktop App) and the Microsoft 365 admin portal (Browser)
1.) Return to Azure Active Directory and select Identity Governance
- A device can only be joined to one tenant.
- A user must have permissions to join their device.
- Azure AD B2B users are not supported.
If the user’s device is not joined, they will receive a message that they need to join their device. Their experience will be dependent on the platform and software.
A: The user would have to sign in again and accept the terms in order to get access
Q: What happens if I’m also using Intune terms and conditions?
A: The user will be required to accept both