Forum Discussion

Vibbo
Brass Contributor
Oct 21, 2025

Microsoft Defender on Android (MAM-WE)

We are asking our users to install Microsoft Defender on their BYO devices but are running into issues with certain (not all) Android devices - they are getting the below error. What could be wrong? Their devices are not enrolled - we do not use MDM for personal devices. They are installing the regular Defender app from the public Play Store.

 

 

3 Replies

  • Ankit365
    Iron Contributor

    Microsoft Defender for Endpoint on Android requires a work profile container for MAM-only deployments. When users install the public Play Store version directly in their personal profile, the app cannot link to the corporate identity or receive Intune app protection policies. In that case, Defender disables itself and shows that error. Some Android devices handle work profiles differently or require user consent to create a work profile, which is why only certain users see this problem.

    To fix it, the Defender app must be installed automatically through the Company Portal (work profile) or using the Microsoft Intune App Protection MAM-WE flow. Here’s what to do:

    1. Ask users to remove Microsoft Defender from their personal profile.

    2. Make sure they have the Microsoft Intune Company Portal app installed. When prompted, they should enable a work profile during setup.

    3. From the work profile’s Play Store (not the personal one), they can install Microsoft Defender for Endpoint. The app will then register with their corporate identity and activate normally.

    If you do not want to use a work profile at all, Defender for Endpoint MAM-WE will not function correctly on Android because it depends on that profile separation for policy enforcement.

    In short, this error happens because the Defender app is installed in the wrong Android profile. For MAM-WE scenarios, users must install and run it inside the managed work profile created through the Intune Company Portal.

    Please hit like if you like the solution.

  • Vibbers
    Brass Contributor

    Hi AladinH,

    Thing is, the Android problem devices do not have a work profile. We are blocking enrollment of personal devices, so all are expected to be MAM-WE. Everyone just installs Defender as normal from the public Google Play Store, but the end results vary from all good to not working at all (as in the screenshot I shared).

     

  • AladinH
    Copper Contributor

    Hi Vibbo,

    This happens because Microsoft Defender for Endpoint on Android must either run in the work profile (Android Enterprise) or be configured correctly for MAM-WE (App Protection Policies without device enrollment). Installing it only in the personal profile won’t work.

    More info: https://learn.microsoft.com/en-us/defender-endpoint/android-intune
