Forum Discussion
dammas
Jul 12, 2026Copper Contributor
Android Fully Managed devices treated as personal after AD password change
Hello! We have a huge problem... We have recently observed an issue in our organization affecting Android Fully Managed devices. After users change their domain password, within 1–3 days Condition...
rahuljindal
Jul 14, 2026Bronze Contributor
Your issue is a typical chicken and egg kind of a problem. M365 apps need to authenticate successfully to allow device state to be shared with Entra. However, your CA policies require a compliant device to be able to allow access to corporate data and complete the authentication process. Since the device state is not being captured or not recent, your users are stuck in a limbo. There are number if ways to address this, but the most effective way is to add Microsoft Intune and Microsoft Intune Enrollment apps in exclusion in resources of your CA policy in question. This should allow the enrolment\registration state to complete and re-evaluate the compliance data for Entra.