Forum Discussion
Henrik Skovgaard
Oct 02, 2019Copper Contributor
Conditional Access with Android phones
I am struggling a bit with Conditional Access policies. I am trying to create the following scenario for access from mobile phones. If the device is marked as compliant (Intune enrolled), then a...
Thijs Lecomte
Mar 12, 2020Bronze Contributor
I just checked and I am also not seeing it in a couple of tenants.
Are the devices failing on device compliance?
Are the devices failing on device compliance?
stevenpsiu
Mar 12, 2020Copper Contributor
Thijs Lecomte They are showing up as compliant under Intune. I have about 20 Androids now that we have started the MDM enrollment last month.
I have a ticket open with Microsoft and its in the process of being escalated. At this moment I cannot do a Conditional Access Policy based on device compliance. I have a policy that will require MFA for non-managed devices connecting to cloud apps (Workday), and it simply not working for Android.
The support person was sort of arguing with me because I put the ticket in about android vendor specific email app (Samsung email on a Galaxy s9) not working in the same logic.
Thanks for all your help.
- Thijs LecomteMar 13, 2020Bronze ContributorDoes it work correctly for Outlook mobile app?
I have seen the Samsung app having errors on a Work Profile before (it doesn't seem to detect it). I fear it's a Samsung issue, not a Microsoft issue- stevenpsiuMar 13, 2020Copper Contributor
Thijs Lecomte It doesnt seem to be working with the Outlook mobile app either. When I modify a CA rule to require complaint devices AND approved app, Outlook app will keep asking to enroll the device.
Also I dont think its a samsung issue either, because the non-reporting of compliant status is happening to all android devices, regardless of the brands, even though most of the android devices enrolled are Samsung.
so hypothetically, if its a samsung device, how to get this issue resolved?
Thank you so much
- Thijs LecomteMar 17, 2020Bronze ContributorI have just tested this and when I require both approved app and a compliant app, it works fine when using Outlook on a work profile.
If you are still facing this issue, I think a support case is in order.