Blog Post

Intune Customer Success
3 MIN READ

Known Issue: Samsung devices are noncompliant after restart or update

Intune_Support_Team's avatar
Intune_Support_Team
Silver Contributor
Nov 10, 2021
Updated 01/02/22: For Samsung Galaxy devices with Android device administrator (DA) management or Android Enterprise personally-owned work profiles, a fix was released in December 2021 (CP Versio...
Updated Dec 19, 2023
Version 11.0
Known Issue
Intune_Support_Team's avatar
Intune_Support_Team
Silver Contributor
Feb 02, 2022

We appreciate all of your feedback and wanted to address a few of the comments and concerns above.

 

In our previous post update on 01/07/22:

This fix only applies to Samsung devices showing as noncompliant after an automatic restart. This does not apply to any managed compliance issue after a device restart.

 

If you are still impacted by this scenario after installing the December 2021 (CP Version 5.0.5358.0) update, please open a new support request via the Microsoft Endpoint Manager admin center's Help and support blade, or any of the methods here, as this will help the team capture all the information needed to resolve the issue.

 

A few comments around the Intune default value for ‘Required password type’ changes:

Starting in Android 11, and then enforced by the Intune Company Portal app in October 2021 release, the Android OS requires a more granular password policy. This was previously communicated in IT291284/MC291439. A similar issue was communicated to customers using Basic Mobility and Security in MC294075.

 

If you are impacted by this scenario, users' Android 11 devices with a work profile or device administrator enrolled devices will be marked as non-compliant and prevented from accessing corporate resources. You should check for an empty ‘Required password type’ or default password compliance setting that needs to be updated. Specifically, the two policy types affected are the “Android Compliance Policy” and the “Personally-owned work profile policies” for Device Administrator or Work Profile enrolled devices. You can use the steps below to resolve.

 

What you need to do:

  1. Go to Endpoint Manager and login with your administrator credentials.
  2. Go to Device > Compliance Policies and check your policies of type “Personally-owned work profiles” or “Android Compliance Policy” and edit to include one of five configurations as needed:
    • At least numeric (default): Enter the minimum password length a user must enter, between 4 and 16 characters.
    • Numeric complex: Enter the minimum password length a user must enter, between 4 and 16 characters.
    • At least alphabetic: Enter the minimum password length a user must enter, between 4 and 16 characters.
      At least alphanumeric: Enter the minimum password length a user must enter, between 4 and 16 characters.
    • At least alphanumeric with symbols: Enter the minimum password length a user must enter, between 4 and 16 characters. Once you save the updated policy, the next time a device checks in or a user initiates a check compliance on their device, users will receive the updated policy. At that time, the user may be asked to set their password and then will regain access to corporate resources.

 

Additional information can be found below in our docs:

"Required password type" default setting for Android, Android enterprise

Android passwords may not be enforced when selecting "device default" password type

 

If you have any additional questions or comments for the Intune team, please private message us with more information to talk though your scenario. Thanks!