JoshM123
Copper Contributor
Aug 05, 2024

Cert Based Auth no longer working on Android devices.

Curious as to how widespread this is/will be. Windows and iOS are fine; it is only affecting Android.
You can easily test this by revoking MFA sessions on a user who is using cert based auth on an Android phone.

I'm not sure if there has been an update recently to the Android Microsoft Office apps where it thinks the certs live inside the Intune Company Portal and is not looking for certs in the phone's cert store.

BYOD work profile Android 14 phones are being problematic. When a user changed their password and Azure revoked their sessions for a reauth, the issue started occurring.
I tested this on another user, manually revoking their MFA sessions without changing their password, and the same issue occurred. I also set up a brand new Android phone and had the same issue after enrolling it.

The issue is that when the user opens Outlook or Teams and goes to sign in, it will pop up asking to use a cert on the device or a physical key. When selecting on the device, the phone will freeze, and it will then eventually say "company portal isn't responding" with the options of wait or cancel. Opening Chrome in the work profile and going to an Office app site will pop up asking for the cert and works fine. So the issue doesn't appear to be the phone getting the cert; it's just that the Office apps are not accessing the phone's cert store. I can confirm the cert is inside the work profile, as a browser or cert viewer app inside the work profile can see it. Auths work fine when using a browser in the work profile, just not Outlook or Teams inside the work profile.

4 Replies

  • mutantfurio
    Copper Contributor

    Are you still experiencing this issue? I am seeing a similar issue with CBA, but instead of giving me the option to pick a cert, it is defaulting to another certificate that is used for encryption, which fails with a certificate validation failure error.

    Are you using derived credentials, SCEP, or PKCS certs? YubiKey?

    I can successfully pick a certificate when I use a YubiKey.

  • SalmanDhedhi
    Copper Contributor
    I ran into the same issue and noticed that in Company Portal version 5.0.6348.0, the code in file om/microsoft/identity/common/internal/ui/webview/certbasedauth/OnDeviceCertBasedAuthChallengeHandler.java has changed. There is now a null check to prevent an NPE. I believe the latest version of Company Portal, i.e. 5.0.6348.0 as of today, should fix this.
  • nithinnandha
    Copper Contributor

    JoshM123 
    Facing a similar issue, but only on Pixel devices; it works fine on other Androids. Not sure why, but I'm unable to get the certificate prompt itself on Pixel devices alone (getting it in Office 365 apps but unable to authenticate myself).

    • JoshM123
      Copper Contributor

      nithinnandha

      If you deploy Google Chrome and run it in the work profile, does your cert work fine in there?
