Apr 17 2019 11:13 PM
Apr 17 2019 11:13 PM
i'm facing the following behavior and try to understand why this happens.
When a special user is signing in to Outlook for Android the following message appears:
"Help us to ensure the safety of your device.
To continue, you need to install the Intune Enterprise Portal App and register your device. This app helps you better protect organizational data."
I have no idea, why the device seems to be enforced to register in Intune. All the other devices in our company behave normal. (normal in my understanding ;)
Normal means: App Protection Policies are applied when using e.g. Outlook on an unregistered device.
Any idea is appreciated. :)
Apr 18 2019 05:20 AM - edited Apr 18 2019 05:20 AM
@PatrickF11 On Android, the Intune Company Portal app is required to enforce app protection policies. End-users do not need to enroll their device, but the app is still required .
Apr 22 2019 04:17 AM
That is confusion reported to Microsoft log time ago.
On iOS user will be asked to install MS Authenticator ap which is ok.
But on Android they asked to use Company portal which is confusing. I already faced an issue with users who saw message to install Intune app an just aborted configuration because they didn't want to enroll phone. So on Android it is really essential to explain difference between Device Registration and Device Enrollment.
Apr 29 2019 06:00 AM
@eglockling Just to make it clear to me:
When i use an Android device and i did not have the Company Portal app installed, no app protection policy is applied? And: To apply the app protection policy the user is forced to install the intune company portal app. (no need to register within the app, right?)
So that means, once i have app protection policies set up for android devices, no user is able to use e.g. outlook, until he/she has the intune company portal app installed, because the Outlook app is covered by an app protection policy, right?
Apr 29 2019 06:03 AM
@Alexander Vanyurikhin You're right, that is really confusing..
What do you mean with "difference between Device Registration and Device Enrollment."
How can i register a android device without enrollment? Or do you mean: When the user only has the company portal app installed and not configured, this is registration. When the user has signed in to company portal app and went through the process, the device is enrolled.
Apr 30 2019 05:58 AMSolution
@PatrickF11 You can sign-in to the Company Portal app on a device to register it, just don't complete the enrollment. There should be an option to "postpone" after signing-in. The Authenticator app is no longer required on iOS to enforce app protection policies, it is enforced by the mobile apps themselves.
May 02 2019 11:06 PM - edited May 03 2019 12:00 AM
@eglockling Thank you for your reply.
A quote from MS:
However, the user does not have to launch or sign into the Company Portal app before they can use apps that are managed by app protection policies.
So it seems not be necessary to sign in.
But what for should a user sign in, then?
What i just tested: When a user has outlook already configured and i'm going to rollout the app protection policies the user isn't prompted to download the company portal app. And: The user isn't using the app protection policies and feels wonderfully free using outlook for android without any reglementations. :\
May 03 2019 10:03 AM
Apr 23 2021 02:00 AM
I am facing an issue where on my app, App Protection Policy is not working when i have Intune company portal app is installed and signed in.
Where as if i have only installed Intune company portal app not signed in, policy gets applied.
Could you please helps me to understand this scenario, Any idea is appreciated.