Microsoft Defender on Android (MAM-WE)

Microsoft Defender for Endpoint on Android requires a work profile container for MAM-only deployments. When users install the public Play Store version directly in their personal profile, the app cannot link to the corporate identity or receive Intune app protection policies. In that case, Defender disables itself and shows that error. Some Android devices handle work profiles differently or require user consent to create a work profile, which is why only certain users see this problem.

To fix it, the Defender app must be installed automatically through the Company Portal (work profile) or using the Microsoft Intune App Protection MAM-WE flow. Here’s what to do:

Ask users to remove Microsoft Defender from their personal profile.

Make sure they have the Microsoft Intune Company Portal app installed. When prompted, they should enable a work profile during setup.

From the work profile’s Play Store (not the personal one), they can install Microsoft Defender for Endpoint. The app will then register with their corporate identity and activate normally.

If you do not want to use a work profile at all, Defender for Endpoint MAM-WE will not function correctly on Android because it depends on that profile separation for policy enforcement.

In short, this error happens because the Defender app is installed in the wrong Android profile. For MAM-WE scenarios, users must install and run it inside the managed work profile created through the Intune Company Portal.

Please hit like if you like the solution.