Forum Discussion
Henrik Skovgaard
Oct 02, 2019, Copper Contributor
Conditional Access with Android phones
I am struggling a bit with Conditional Access policies. I am trying to create the following scenario for access from mobile phones. If the device is marked as compliant (Intune enrolled), then a...
stevenpsiu
Mar 03, 2020, Copper Contributor
Thijs Lecomte I would like to resurrect this topic, as we are also having this issue with enabling enrolled Android devices with native/manufacturer-developed email clients.
From the Conditional Access (CA) logs, the Android devices did not report their compliance status back to AAD/CA. It's simply blank. See below for screenshot.
Seems like I can only ID the device by OS, not its state. Not sure if this is a limitation on the Android side since iOS is reporting all info to CA.
Thijs Lecomte
Mar 04, 2020, Bronze Contributor
- stevenpsiu, Mar 04, 2020, Copper Contributor
Thijs Lecomte We are using Android work profile; they are all personally owned devices.
I am pulling hairs out trying to figure this out.
- Thijs Lecomte, Mar 12, 2020, Bronze Contributor
I just checked and I am also not seeing it in a couple of tenants.
Are the devices failing on device compliance?
- stevenpsiu, Mar 12, 2020, Copper Contributor
Thijs Lecomte They are showing up as compliant under Intune. I have about 20 Androids now that we have started the MDM enrollment last month.
I have a ticket open with Microsoft and it's in the process of being escalated. At this moment I cannot do a Conditional Access Policy based on device compliance. I have a policy that will require MFA for non-managed devices connecting to cloud apps (Workday), and it is simply not working for Android.
The support person was sort of arguing with me because I put the ticket in about an Android vendor-specific email app (Samsung email on a Galaxy S9) not working in the same logic.
Thanks for all your help.