Home

intune using AFW same device registered twice direct and EAS

%3CLINGO-SUB%20id%3D%22lingo-sub-47626%22%20slang%3D%22en-US%22%3Eintune%20using%20AFW%20same%20device%20registered%20twice%20direct%20and%20EAS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-47626%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eplease%20help%20me%20on%20Exchange%20on-prem%20conditional%20access%20with%20intune%20same%26nbsp%3Bdevice%20registered%20twice%20direct%20and%20EAS%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1-%20Direct%20in%20compliance%20EAS%20active%20but%20still%20can%20not%20create%20mail%20profile%3C%2FP%3E%3CP%3E2-%20EAS%20it%20show%20access%20denied%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F11084iA7A49A6471BC2175%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22AFW.PNG%22%20title%3D%22AFW.PNG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20899px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F11085i19323544336A7860%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22EAS1.PNG%22%20title%3D%22EAS1.PNG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20660px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F11086i7D2FB32C192267A7%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22EAS2.PNG%22%20title%3D%22EAS2.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-47626%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-133020%22%20slang%3D%22en-US%22%3ERe%3A%20intune%20using%20AFW%20same%20device%20registered%20twice%20direct%20and%20EAS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-133020%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20having%20a%20similar%20issue%20where%20the%20device%20shows%20up%20in%20Intune%20twice%2C%20once%20as%20Android%20and%20once%20as%20Outlook.%26nbsp%3B%20I'm%20using%20O365%2C%20and%20Intune%20with%20hybrid%20mdm%2C%20nothing%20on%20premise.%26nbsp%3B%20I%20do%20have%20EAS%20set%20to%20quarantine%20new%20devices%20until%20we%20approve%20them.%26nbsp%3B%20Would%20turning%20that%20off%20solve%20the%20problem%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F24944i84DF20A2E96C382E%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Device-twice-intune.jpg%22%20title%3D%22Device-twice-intune.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-54157%22%20slang%3D%22en-US%22%3ERe%3A%20intune%20using%20AFW%20same%20device%20registered%20twice%20direct%20and%20EAS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-54157%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20the%20Outlook%20application%20will%20appear%20as%20it's%20own%20device.%20Unforutunately%20the%20Outlook%20client%20is%20not%20yet%20supported%20with%20Exchange%20On-Premises.%20Microsoft%20has%20announced%20they%20will%20support%20it%20in%20UserVoice%3A%3C%2FP%3E%3CP%3EMore%20information%20regarding%20this%20can%20be%20found%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fmicrosoftintune.uservoice.com%2Fforums%2F291681-ideas%2Fsuggestions%2F11530827-conditional-access-for-on-premise-exchange-and-out%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmicrosoftintune.uservoice.com%2Fforums%2F291681-ideas%2Fsuggestions%2F11530827-conditional-access-for-on-premise-exchange-and-out%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-53321%22%20slang%3D%22en-US%22%3ERe%3A%20intune%20using%20AFW%20same%20device%20registered%20twice%20direct%20and%20EAS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-53321%22%20slang%3D%22en-US%22%3E%3CP%3Ethanks%20for%20the%20suggestion%20already%20changed%20it%20%22Allow%20the%20devices%20access%20to%20Exchange%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ebut%20still%20android%20devices%20recginized%20as%20two%20devices%20if%20outlook%20profile%20was%20depolyed%20as%20some%20users%20want%20to%20change%20gmail%20client%20mail%20app%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EYousef%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-53309%22%20slang%3D%22en-US%22%3ERe%3A%20intune%20using%20AFW%20same%20device%20registered%20twice%20direct%20and%20EAS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-53309%22%20slang%3D%22en-US%22%3E%3CP%3EI%20would%20suggest%20you%20change%20the%20%22default%20rule%22%20to%20%22Allow%20the%20devices%20access%20to%20Exchange%22%2C%20this%20is%20a%20Global%20Exchange%20Rule%20which%20may%20cause%20issues%20and%20will%20affect%20devices%20outside%20the%20scope%20of%20your%20Intune%20deployment.%20Also%20note%3B%20Intune%20synchronizes%20EAS%20devices%20from%20Exchange%20-%20if%20users%20have%20previously%20EAS%20enabled%20devices%20they%20will%20appear%20in%20the%20Intune%20console%2C%20considering%20you%20have%20Default%20Rule%20to%20Quarantine%20this%20will%20definitely%20affect%20the%20users.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20will%20summarize%20my%20suggestions%3A%3C%2FP%3E%3COL%3E%3CLI%3EChange%20default%20rule%20to%20%22Allow%20the%20devices%20access%20to%20Exchange%22%20(No%20worries%2C%20everything%20will%20work%20as%20expected%20regardless%2C%20this%20is%20just%20a%20Global%20Exchange%20Rule%20targetting%20users%20outside%20your%20Tenant).%3C%2FLI%3E%3CLI%3EMake%20sure%20you%20deployed%20Email%20Configuration%20Profile%20for%20Gmail%20through%20Android%20for%20Work%20settings%20and%20that%20the%20user%20receives%20the%20configuration.%26nbsp%3B%3C%2FLI%3E%3C%2FOL%3E%3C%2FLINGO-BODY%3E
Yousef Hanoun
Occasional Contributor

Dear All,

 

 

please help me on Exchange on-prem conditional access with intune same device registered twice direct and EAS

 

1- Direct in compliance EAS active but still can not create mail profile

2- EAS it show access denied

 

 

 

AFW.PNGEAS1.PNGEAS2.PNG

 

4 Replies

I would suggest you change the "default rule" to "Allow the devices access to Exchange", this is a Global Exchange Rule which may cause issues and will affect devices outside the scope of your Intune deployment. Also note; Intune synchronizes EAS devices from Exchange - if users have previously EAS enabled devices they will appear in the Intune console, considering you have Default Rule to Quarantine this will definitely affect the users. 

 

I will summarize my suggestions:

  1. Change default rule to "Allow the devices access to Exchange" (No worries, everything will work as expected regardless, this is just a Global Exchange Rule targetting users outside your Tenant).
  2. Make sure you deployed Email Configuration Profile for Gmail through Android for Work settings and that the user receives the configuration. 

thanks for the suggestion already changed it "Allow the devices access to Exchange"

 

but still android devices recginized as two devices if outlook profile was depolyed as some users want to change gmail client mail app

 

Thanks,

Yousef

 

 

Yes, the Outlook application will appear as it's own device. Unforutunately the Outlook client is not yet supported with Exchange On-Premises. Microsoft has announced they will support it in UserVoice:

More information regarding this can be found here: https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/11530827-conditional-access-fo...

I'm having a similar issue where the device shows up in Intune twice, once as Android and once as Outlook.  I'm using O365, and Intune with hybrid mdm, nothing on premise.  I do have EAS set to quarantine new devices until we approve them.  Would turning that off solve the problem?

 

Device-twice-intune.jpg

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies