This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 25%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Copilot iOS fails against conditional access with a failure reason of : Application does not meet the conditional access approved app requirements.
Application used is not an approved application for conditional access. User needs to use one of the apps from the list of approved applications to use in order to get access. To see a list of approved apps, see https://learn.microsoft.com/entra/identity/conditional-access/concept-conditional-access-conditions#approved-client-app-requirement.
I expected Copilot to be on the list of approved Apps, has anyone else seen this
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.
Issue:
The Copilot iOS app fails against Conditional Access
Solution:
Issue resolved by @Gerry Murphy
MS is moving all of the copilot features into the Office app, so there is no standalone app any longer.
Sharing an article for reference: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowsai The link to turn off Windows copilot is explained towards the bottom of the article.
The entry point for copilot is now the 365 app. That is what you need to set to the policy around. There are a bunch of changes going with this now https://techcommunity.microsoft.com/blog/windows-itpro-blog/enhanced-data-protection-with-windows-and-microsoft-copilot/4246428
If I missed anything please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information. Thank you again for your time and patience throughout this issue.
Thanks,
Navya.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Thank you for posting this in Microsoft Q&A.
I understand that you are facing an issue with the Copilot iOS application failing against a Conditional Access policy.
It appears that the Copilot application is not listed in the approved applications for your organization.
To see which applications are listed in the approved apps, you can visit this link: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-grant#require-approved-client-app.
Your administrator can add Copilot to the list of approved apps so that you can access it without any issues.
For more information, you can visit this link: https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-all-users-approved-app-or-app-protection#require-approved-client-apps-or-app-protection-policy-with-mobile-devices.
We recommend that administrators put this policy in report-only mode to determine the impact it will have on existing users. Once administrators are comfortable that the policies apply as intended, they can switch to "On" or stage the deployment by adding specific groups and excluding others.
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Navya,
Thanks for looking at this, it seems that Copilot is not listed as an App. Our CA policy already has Require Approved App and Require App protection policy, see attached pic. I am thinking of removing Required client App and just have Require App protection policy, the iOS devices are BYOD.
It seems that Copilot has not been added as an App.
Thanks - Gerry
Thank you for following up on this!
I understand that you are considering removing the "Require Approved App" condition from your Conditional Access policy since Copilot is not listed as an approved application. Have you tested it out? If you have any further updates on this issue, please feel free to post back.
Hi Navya,
Yes, running testing this week and will post again with the results, thanks.
Regards - Gerry
Just checking in to see is there any updates on this issue.
Hi Navya,
Thanks for following up, After removing the Required App Grant condition and just using the Require App Protection Policy the issue remains. While the Copilot App does not login the Microsoft 365 iOS App logs in and has a Copilot tab which works much the same way as the full Copilot App. Maybe this is Microsoft's solution for corporates. I have opened a support call also with our Microsoft CSP to see if they can check this idea with Microsoft directly.
Thanks - Gerry
Thank you for sharing the update on this issue. If you have any support ticket number, please share with us so that I can track the status.
Hi Navya,
Just got this response from our CSP and wanted to share it with you and the community:
While we were in discussion on this got to know that MS is moving all of the copilot features into the Office app, so there is no standalone app any longer.
Sharing an article for reference:
-- https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowsai
The link to turn off Windows copilot is explained towards the bottom of the article.
The entry point for copilot is now the 365 app. That is what you need to set to the policy around. There are a bunch of changes going with this now:
Regards - Gerry
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 61%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
@Gerry Murphy Thanks for your kindness to share this information.