Updated 01/02/22:
- For Samsung Galaxy devices with Android device administrator (DA) management or Android Enterprise personally-owned work profiles, a fix was released in December 2021 (CP Version 5.0.5358.0). With the fix, impacted devices will no longer be marked as non-compliant as a result of the automatic reset. The device will maintain the existing compliance state.
- This fix only applies to Samsung Galaxy devices showing as noncompliant after an automatic restart for Android device administrator (DA) management or Android Enterprise personally-owned work profiles is applied. Note that this fix does not apply to any managed devices such as Android Enterprise corporate-owned with a work profile, Android Enterprise dedicated devices, and Android Enterprise fully managed (we are continuing to investigate a fix for these devices) compliance issues after a device restart.
We are aware of an issue where some Samsung devices show as noncompliant after an automatic restart or after a managed update is applied. This could potentially affect access to corporate resources, depending on the Conditional Access policies set by the IT administrator. We are working to resolve this issue with Samsung, but in the meantime, we wanted to give you more information and workaround instructions to help you bring devices back into compliance.
For Samsung Galaxy devices with Android device administrator (DA) management or Android Enterprise personally-owned work profiles, this issue occurs when the user runs an automatic restart (Settings > Auto restart at set times) on the device. After the restart, the device shows as noncompliant in Intune, which can block access to corporate resources. This issue affects Android (DA) and Android Enterprise personally-owned work profile Samsung Galaxy devices running Android 9 or later.
- To work around the issue, users need to unlock the phone, launch the Company Portal, and trigger a device sync. Once the sync is completed, the device should show as compliant in Intune and access to corporate resources should be restored.
For Android Enterprise fully managed Samsung devices, this issue occurs when the device receives and completes a managed update. After the update, the device shows as noncompliant in Intune, which can block access to corporate resources. This issue affects Samsung devices provisioned as Android Enterprise fully managed devices running Android 11 and later.
- To work around the issue, users need to unlock the phone, open the Device Policy Controller app, and trigger a sync. Once the sync is completed, the device should show as compliant in Intune and access to corporate resources should be restored.
We will continue to update this post as new information becomes available. If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter.
Post updates
12/08/21: Working closely with Samsung, a fix for this issue will be included in an upcoming Company Portal update.
01/07/22: A fix was released in December 2021 (CP Version 5.0.5358.0). With the fix, impacted devices will no longer be marked as non-compliant as a result of the automatic reset. The device will maintain the existing compliance state.
02/02/22: Updated post with additional clarification that this fix only applies to Samsung Galaxy devices showing as noncompliant after an automatic restart for Android device administrator (DA) management or Android Enterprise personally-owned work profiles is applied.
