Apr 23 2021 12:52 AM
Hi Team,
On Android, I am facing an issue in my app where the App Protection Policy is not working when I have the Intune Company Portal app installed and signed in. In the app I get the success callback as "ENROLLMENT_SUCCEEDED" but still it does apply the policy.
Whereas if I have only installed the Intune Company Portal app and not signed in, the policy gets applied.
Could anyone please help me understand this scenario? Any idea is appreciated.
Thanks,
Swati
Apr 23 2021 02:01 AM
Hi, it looks like your app protection policy. How did you target the devices? All devices or did you specify specific types?
Because when you sign in to the Company Portal, you are enrolling your device, so it's managed by Intune.
If you don't sign in, your device is unmanaged.
I always create multiple app protection policies to make sure all device types are protected.
Apr 23 2021 03:40 AM
@Rudy_Ooms_MVP So what is the right option I should choose so that it applies to both (managed and unmanaged devices)? I checked the policy; it "targeted all devices", and now I tried to target only "Android device administrator", but I am still facing the same issue.
Would appreciate your help here. Thanks.
Apr 23 2021 05:38 AM - edited Apr 23 2021 05:45 AM
Hi,
I thought the same thing... But if you take a look at the blog I mentioned... Requiring approved apps OR app protection also works with Teams. So you can require approved apps and, for the apps that do support it, app protection (even when the Microsoft docs tell us something else).
Apr 30 2021 08:09 AM - edited Apr 30 2021 08:16 AM
It may be working, but it is not supported. There are 3 Apps that do not support the OR Grant:
Note
Microsoft Teams, Microsoft Kaizala, Microsoft Skype for Business and Microsoft Visio do not support the Require app protection policy grant. If you require these apps to work, please use the Require approved apps grant exclusively. The use of the or clause between the two grants will not work for these three applications.
This is a roadblock for us. I have the "OR" policy set up and ready to move users to it. It requires stacking policies. I have one that does MFA and TOU with the "AND" grant, and then a policy with the approved app and app protection grants applied with an OR grant. But until Teams officially supports this, I am stuck with my current policies. I do not care about Skype, Visio, or Kaizala. However, Teams is a much-used app for us. And until it is supported we will not go down that route. This is also great if you only need one or the other. But stacking on MFA and TOU adds complexity. It can be done, by stacking policies, however it is more complex.