When you open Outlook on your iPhone or Android phone, you might see a screen that says your account is blocked. This typically happens because your organization uses Conditional Access policies in Microsoft 365. These policies require specific conditions, such as a compliant device or the Microsoft Authenticator app, before you can access work email. This article explains why this screen appears and provides the steps to resolve it.
Key Takeaways: Resolving the Outlook Mobile Account Blocked Screen
- Microsoft Authenticator app registration: Register your device in Azure AD to satisfy a Conditional Access policy that requires multi-factor authentication or device compliance.
- Company Portal app for device enrollment: Install the Company Portal app on Android or iOS to enroll your device in Mobile Device Management and meet compliance requirements.
- Browser-based sign-in fallback: Use the browser link on the blocked screen to sign in and complete policy checks if the Outlook app cannot process them directly.
Why the Account Blocked Screen Appears in Outlook Mobile
The Account Blocked screen is not an error. It is a security response triggered by a Conditional Access policy set by your IT administrator. Conditional Access is a feature in Azure Active Directory that enforces rules before granting access to company resources. For Outlook Mobile, common policy requirements include:
- Multi-factor authentication using the Microsoft Authenticator app
- Device compliance, such as having a passcode or encryption enabled
- Device enrollment in a Mobile Device Management system like Microsoft Intune
- Approved client app usage, meaning only Outlook is allowed
When Outlook Mobile detects that your device does not meet one or more of these conditions, it displays the blocked screen. The screen usually includes a button or link labeled “Try signing in with a browser” or “More details.” This is the starting point for resolving the block.
Steps to Resolve the Account Blocked Screen on Outlook Mobile
Follow these steps in order. Each step addresses a common policy requirement. Stop when Outlook opens successfully.
Step 1: Sign In Using the Browser Option
- Tap the browser sign-in link
On the Account Blocked screen, tap the link that says “Try signing in with a browser” or “More details.” This opens your default mobile browser. - Enter your work email address
Type your full email address and tap Next. - Complete the sign-in prompts
You will be asked to authenticate. This may include entering your password, approving a notification in the Microsoft Authenticator app, or entering a verification code sent via SMS. Follow the on-screen prompts. - Return to Outlook
After successful authentication, the browser will show a message that you can close the tab and return to Outlook. Switch back to the Outlook app. The blocked screen should disappear and your mailbox should load.
Step 2: Install and Register the Microsoft Authenticator App
If the browser sign-in did not resolve the block, your policy likely requires the Microsoft Authenticator app for multi-factor authentication or device registration.
- Install Microsoft Authenticator
Open the App Store on iOS or Google Play on Android. Search for “Microsoft Authenticator” and install the app by Microsoft Corporation. - Open Authenticator and add your work account
Launch the app. Tap the plus icon or Add account. Select Work or school account. Follow the prompts to sign in with your work email and password. - Complete device registration
During the setup, Authenticator will ask to register your device in Azure AD. Tap Register or Allow. This satisfies the device registration requirement. - Return to Outlook
Close and reopen Outlook. The blocked screen should be gone. If it persists, force close Outlook and reopen it.
Step 3: Enroll Your Device Using Company Portal
Some policies require full device enrollment in Mobile Device Management. This is done through the Company Portal app.
- Install Company Portal
On your device, open the app store and search for “Company Portal” by Microsoft Corporation. Install the app. - Open Company Portal and sign in
Launch the app. Enter your work email address and password. Tap Sign in. - Enroll your device
Company Portal will detect that your device is not enrolled. Tap Begin or Enroll. Follow the steps to allow device management. This may include setting a device passcode or allowing the app to access device settings. - Wait for compliance check
After enrollment, Company Portal will check your device against your organization’s policies. This can take up to a minute. Once complete, you will see a green checkmark indicating your device is compliant. - Return to Outlook
Close Outlook completely, then reopen it. The blocked screen should no longer appear.
Step 4: Check Device Compliance Settings
If enrollment succeeded but the block remains, your device may not meet compliance settings. Common requirements include:
- A device passcode or biometric lock (fingerprint, face ID)
- Encryption enabled on the device
- No jailbreak or root access
- Up-to-date operating system version
Open the Settings app on your device and verify each of these. For Android, go to Settings > Security. For iOS, go to Settings > Face ID & Passcode. After making changes, open Company Portal and tap Check Compliance to re-evaluate your device.
If Outlook Still Shows Account Blocked
Outlook Mobile Stuck on “Checking for Policy”
If Outlook shows a loading screen that says “Checking for policy” for more than 30 seconds, the app may be unable to contact the Conditional Access service. This can happen on weak Wi-Fi or cellular connections. Switch to a different network, such as turning off Wi-Fi and using mobile data, then restart Outlook.
Browser Sign-In Returns an “AADSTS50076” Error
This error indicates that multi-factor authentication is required but not completed. Open the Microsoft Authenticator app and check if you have pending approval requests. Approve them, then sign in again in the browser. If you do not see a request, re-register your device in Authenticator by removing and re-adding your work account.
Company Portal Shows “Device Not Compliant” After Enrollment
Open Company Portal and tap the device name. Look for a message explaining what is missing. For example, it might say “Passcode not set.” Follow the on-screen instructions to fix the issue. After making the change, tap Check Compliance in Company Portal. Once compliant, reopen Outlook.
Conditional Access Requirements for Outlook Mobile: Common Policies
| Policy Type | Requirement | How to Fulfill |
|---|---|---|
| Multi-factor authentication | Approve sign-in via Authenticator or SMS | Install Authenticator and register device |
| Device compliance | Passcode, encryption, no jailbreak | Set device passcode and enable encryption in Settings |
| Device enrollment | Device managed by Intune | Install Company Portal and complete enrollment |
| Approved client app | Only Outlook can access work email | Use Outlook, not the built-in Mail app |
The Account Blocked screen is a security gate, not a permanent lock. By completing the browser sign-in, installing Microsoft Authenticator, and enrolling your device in Company Portal, you satisfy the Conditional Access policies your organization has deployed. If issues persist, contact your IT help desk with the error code shown on the screen. They can check which specific policy is blocking your device and provide guidance tailored to your organization.