Configuring the Conditional Access policy for Zoom for Intune

Due to specific configurations within Intune, the Zoom for Intune app may encounter an authentication error associated with error code 530021. This article can show admins how to configure their Intune policies to allow the Zoom for Intune app and resolve this error.

Prerequisites for Conditional Access policy configuration

How to configure Conditional Access policy for Zoom for Intune

Understanding the cause

If Intune admins have configured their Conditional Access with both Require approved client app and Require all the selected controls enabled, then signing-in with the Zoom for Intune app will be blocked, as Zoom is not on the approved client app list, for which only Microsoft applications are eligible.

Create a custom Conditional Access policy

The following steps will create a Conditional Access policy requiring an approved client app or an app protection policy when using an iOS/iPadOS or Android device. This policy will also prevent the use of Exchange ActiveSync clients using basic authentication on mobile devices. This policy works in tandem with an app protection policy created in Microsoft Intune.

Admins can choose to deploy the policy outlined below, or by using a Conditional Access template (Preview).

  1. Sign in to your Azure account with admin privileges.
  2. At the top of the page, use the search bar to find Azure AD Conditional Access.
  3. Click Create New Policy.
  4. Provide a name for the new policy.
    Note: Microsoft recommends admins create a meaningful standard for the names of their policies.
  5. Click the Users section:
    • Under Include, select All users.
    • Under Exclude, select Users and groups and exclude at least one account to prevent yourself from being locked out. If you don't exclude any accounts, you can't create the policy.
  6. Click the Cloud apps or actions section.
    • Under Include, select All cloud apps.
  7. Click the Conditions section.
    • Select Device platforms to open this panel.
      • Set Configure to Yes.
      • Under Include, choose Select device platforms.
      • Choose Android and iOS
    • Click Done to save the changes.
  8. Under the Access controls section click Grant.
    • Select Grant access.
    • Select Require approved client app and Require app protection policy options.
    • Under the For multiple controls section, select Require one of the selected controls.
    • Click Select to save these changes.
  9. Review your settings and set Enable policy to Report-only.
  10. Select Create to finalize your policy.
  11. After confirming your settings using report-only mode, change the Enable policy from Report-only to On.

With this policy in place, the Zoom for Intune app should have no issues with authentication.