Home

Conditional Access with Android phones

%3CLINGO-SUB%20id%3D%22lingo-sub-888127%22%20slang%3D%22en-US%22%3EConditional%20Access%20with%20Android%20phones%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-888127%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20struggling%20a%20bit%20with%20Conditional%20Access%20policies.%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20create%20the%20following%20scenario%20for%20access%20from%20mobile%20phones.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20the%20device%20is%20marked%20as%20compliant%20(Intune%20enrolled)%2C%20then%20accept%20access%20to%20Exchange%20Online%20with%20modern%20auth%20and%20EAS.%3C%2FP%3E%3CP%3EIf%20the%20device%20is%20not%20marked%20as%20compliant%2C%20then%20people%20can%20use%20Approved%20Apps.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20working%20really%20well%20on%20iOS%20devices.%20On%20Android%20not%20so%20well.%20Even%20if%20an%20Android%20device%20is%20enrolled%20and%20compliat%2C%20it%20behaves%20like%20it's%20not%20enrolled%20and%20offers%20the%20user%20to%20continue%20with%20Company%20Portal.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EShould%20it%20not%20be%20possible%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-888127%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAndroid%20Enterprise%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-888435%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20with%20Android%20phones%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-888435%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F52988%22%20target%3D%22_blank%22%3E%40Henrik%20Skovgaard%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Edid%20you%20try%20to%20access%20via%20EAS%20from%20work%20profile%3F%20If%20yes%3A%20Can%20you%20provide%20information%20about%20your%20CA%20policies%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-888734%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20with%20Android%20phones%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-888734%22%20slang%3D%22en-US%22%3ECould%20you%20share%20your%20CA%20policies%3F%20Are%20you%20using%201%20policy%20or%20multiple%20policy%3F%3CBR%20%2F%3EHave%20you%20checked%20the%20sign-in%20logs%20of%20Azure%20AD%20to%20check%20which%20policies%20are%20being%20assigned%3F%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20need%20some%20more%20info%20before%20we%20can%20help%20you%20out%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E
Henrik Skovgaard
Regular Visitor

I am struggling a bit with Conditional Access policies.

I am trying to create the following scenario for access from mobile phones.

 

If the device is marked as compliant (Intune enrolled), then accept access to Exchange Online with modern auth and EAS.

If the device is not marked as compliant, then people can use Approved Apps.

 

It is working really well on iOS devices. On Android not so well. Even if an Android device is enrolled and compliat, it behaves like it's not enrolled and offers the user to continue with Company Portal.

 

Should it not be possible?

2 Replies

Hi @Henrik Skovgaard,

 

did you try to access via EAS from work profile? If yes: Can you provide information about your CA policies?

Could you share your CA policies? Are you using 1 policy or multiple policy?
Have you checked the sign-in logs of Azure AD to check which policies are being assigned?

We need some more info before we can help you out :)
Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies