hainn1509
Copper Contributor
Aug 19, 2023

Users must register their mobile device to log in to mobile apps on Android and iOS

Hello friends!

 

I ran a device management test on Intune with limited management on a group consisting of 1 laptop device and 1 user, called user A, with an Office 365 E3 license.
My device was successfully managed by Intune and noted compliance policy configurations. User A logs in to the laptop device and uses it normally.
We only have a computer device management policy and have not implemented policies related to mobile devices.
The thing to note is that, before logging in to the managed computer, user A was able to log in and use apps like Outlook and Teams normally on his phone. However, after Mr. A became a member of a group managed by MDM, he cannot log in to the apps on his phone as before; they require him to register the device with the organization to be able to use those apps on the phone. The error code is 530003.

This ruined our plan when we originally intended to only manage devices that were company computers and users were added to a group managed by MDM to perform auto enrollment.
I checked the conditional access configurations only for devices that require MFA and also don't require approved client app or app protection policy.
So why does user A in a group managed by MDM have to register mobile devices?
Only user in the group managed by MDM or another user not in the group managed by MDM but logged into the laptop that is enrolled, the same thing happens to him on his personal mobile device.
Currently on Intune we also do not block Android or iOS devices.
I can show you my access policies if you need to.


Please help me: how can users avoid having to register their mobile devices with the organization when they log into computers that are managed by Intune?

 

Thank you!

  • hainn1509
    Copper Contributor

    Hello Friends! 

    My problem is solved; it was in my classic conditional access, which was configured by a previous admin.

     

    • hainn1509
      Copper Contributor

      Hi JeroenBurgerhout!

       

      Currently no! We just have compliance policies, no App Protection Policies or security policies, just some conditional access policies.

  • rahuljindal-MVP
    Bronze Contributor
    Is your CA policy for requiring compliant devices applying to all OS platforms? If yes, then that is your problem. Just set it to Windows if you don’t want to enforce it on mobile OS platforms.
    • hainn1509
      Copper Contributor

      rahuljindal-MVP   

      Our CA policies do not require a compliant device. That's why I'm quite confused when checking this error; you can see my analysis report below.

       

      • rahuljindal-MVP
        Bronze Contributor
        Have you also checked the Entra ID sign-in logs? The behaviour does appear to be due to enforcement of a CA policy and sign-in logs should provide you details in relation to the failed sign-in attempts.
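
The sign-in log check suggested in this thread, as an added example that is not part of any post: it filters exported sign-in records for error 530003 and lists the Conditional Access policies whose result was a failure, with the grant controls they enforced. It assumes the logs were exported as JSON in the Microsoft Graph `signIn` shape; the user, policy names and grant-control strings in the sample are constructed.

```python
import json

# Constructed sample records in the shape of Microsoft Graph signIn objects.
SAMPLE_SIGN_INS = json.loads("""
[
  {"userPrincipalName": "usera@example.com", "appDisplayName": "Outlook Mobile",
   "deviceDetail": {"operatingSystem": "iOS"},
   "status": {"errorCode": 530003},
   "appliedConditionalAccessPolicies": [
     {"displayName": "Constructed: require MFA", "result": "success",
      "enforcedGrantControls": ["Mfa"]},
     {"displayName": "Constructed: device policy", "result": "failure",
      "enforcedGrantControls": ["RequireCompliantDevice"]}]},
  {"userPrincipalName": "usera@example.com", "appDisplayName": "Windows Sign In",
   "deviceDetail": {"operatingSystem": "Windows"},
   "status": {"errorCode": 0},
   "appliedConditionalAccessPolicies": [
     {"displayName": "Constructed: require MFA", "result": "success",
      "enforcedGrantControls": ["Mfa"]}]}
]
""")

DEVICE_REQUIRED_ERROR = 530003  # the error code reported in the original post


def blocking_policies(sign_ins, error_code=DEVICE_REQUIRED_ERROR):
    """Return one finding per failed sign-in with the policies that failed it."""
    findings = []
    for record in sign_ins:
        if record.get("status", {}).get("errorCode") != error_code:
            continue  # only interested in the device-registration failures
        failed = [
            (p.get("displayName"), p.get("enforcedGrantControls", []))
            for p in record.get("appliedConditionalAccessPolicies", [])
            if p.get("result") == "failure"
        ]
        findings.append({
            "user": record.get("userPrincipalName"),
            "app": record.get("appDisplayName"),
            "os": record.get("deviceDetail", {}).get("operatingSystem"),
            "failed_policies": failed,
        })
    return findings


if __name__ == "__main__":
    for f in blocking_policies(SAMPLE_SIGN_INS):
        print(f["user"], f["app"], f["os"], f["failed_policies"])
```

A failed sign-in that lists no failing policy here means the requirement is coming from something these records do not name, which is a reason to review policies configured outside the current Conditional Access blade.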
