Forum Discussion
force enrollment on android device
Hello,
i'm facing the following behavior and try to understand why this happens.
When a special user is signing in to Outlook for Android the following message appears:
"Help us to ensure the safety of your device.
To continue, you need to install the Intune Enterprise Portal App and register your device. This app helps you better protect organizational data."
I have no idea, why the device seems to be enforced to register in Intune. All the other devices in our company behave normal. (normal in my understanding ;)
Normal means: App Protection Policies are applied when using e.g. Outlook on an unregistered device.
Any idea is appreciated. :-)
Patrick
PatrickF11 You can sign-in to the Company Portal app on a device to register it, just don't complete the enrollment. There should be an option to "postpone" after signing-in. The Authenticator app is no longer required on iOS to enforce app protection policies, it is enforced by the mobile apps themselves.
- eglocklingSteel Contributor
PatrickF11 On Android, the Intune Company Portal app is required to enforce app protection policies. End-users do not need to enroll their device, but the app is still required .
https://docs.microsoft.com/en-us/intune/end-user-mam-apps-android#access-apps
- PatrickF11Steel Contributor
eglockling Just to make it clear to me:
When i use an Android device and i did not have the Company Portal app installed, no app protection policy is applied? And: To apply the app protection policy the user is forced to install the intune company portal app. (no need to register within the app, right?)
So that means, once i have app protection policies set up for android devices, no user is able to use e.g. outlook, until he/she has the intune company portal app installed, because the Outlook app is covered by an app protection policy, right?
- eglocklingSteel Contributor
PatrickF11 That's correct.
- Alexander VanyurikhinIron Contributor
That is confusion reported to Microsoft log time ago.
On iOS user will be asked to install MS Authenticator ap which is ok.But on Android they asked to use Company portal which is confusing. I already faced an issue with users who saw message to install Intune app an just aborted configuration because they didn't want to enroll phone. So on Android it is really essential to explain difference between Device Registration and Device Enrollment.
- PatrickF11Steel Contributor
Alexander Vanyurikhin You're right, that is really confusing..
What do you mean with "difference between Device Registration and Device Enrollment."
How can i register a android device without enrollment? Or do you mean: When the user only has the company portal app installed and not configured, this is registration. When the user has signed in to company portal app and went through the process, the device is enrolled.
- eglocklingSteel Contributor
PatrickF11 You can sign-in to the Company Portal app on a device to register it, just don't complete the enrollment. There should be an option to "postpone" after signing-in. The Authenticator app is no longer required on iOS to enforce app protection policies, it is enforced by the mobile apps themselves.