Intune blocking Android native app to work

%3CLINGO-SUB%20id%3D%22lingo-sub-379528%22%20slang%3D%22en-US%22%3EIntune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-379528%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EI%20currently%20have%20intune%20configured%26nbsp%3Band%20all%20working%20well.%20What%20I%20realised%20is%20that%20if%20a%20user%20tries%20to%20configure%20mail%20on%20their%20Android%20native%20mail%20app%20it%20keeps%20asking%20to%20enrol%20even%20though%20the%20user%20is%20already%20enrolled.%20Any%20help%20on%20what%20I%20can%20do%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-379528%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Application%20Management%20(MAM)%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-388497%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-388497%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F250456%22%20target%3D%22_blank%22%3E%40AndrewDawson%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%20and%20they%20are%20both%20not%20ticked..%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-387096%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-387096%22%20slang%3D%22en-US%22%3EDo%20you%20have%20any%20conditional%20access%20policies%20requiring%20the%20use%20of%20Modern%20authentication%20or%20approved%20client%20applications%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Ftechnical-reference%23approved-client-app-requirement%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Ftechnical-reference%23approved-client-app-requirement%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EAny%20screenshots%20would%20also%20be%20useful.%3CBR%20%2F%3E%3CBR%20%2F%3E%E2%80%94%E2%80%94%E2%80%94%E2%80%94%E2%80%94%E2%80%94%E2%80%94%3CBR%20%2F%3EYou%20should%20also%20reconsider%20the%20use%20of%20Android%20Device%20Admin%20for%20a%20number%20of%20reasons%2C%20urgency%20will%20depend%20on%20management%20requirements%2C%20devices%20models%20and%20OS%20(current%20and%20updates).%3CBR%20%2F%3E%3CBR%20%2F%3ERead%20up%20on%20device%20admin%20deprecation%20below.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdevelopers.google.com%2Fandroid%2Fwork%2Fdevice-admin-deprecation%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdevelopers.google.com%2Fandroid%2Fwork%2Fdevice-admin-deprecation%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-386656%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-386656%22%20slang%3D%22en-US%22%3ENo%20I%20am%20not%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-386655%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-386655%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F284113%22%20target%3D%22_blank%22%3E%40BENT17%3C%2FA%3E%26nbsp%3Bare%20you%20using%20Android%20Enterprise%20with%20work%20profile%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-386569%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-386569%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F250456%22%20target%3D%22_blank%22%3E%40AndrewDawson%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIts%20showing%20me%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHelp%20us%20keep%20your%20device%20secure%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYour%20sign-in%20was%20successful%2C%20but%20your%20admin%20requires%20your%20device%20to%20be%20managed%20by%20**************%20to%20access%20this%20resource%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20note%20I%20am%20using%20Office%20365%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-386304%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-386304%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F284113%22%20target%3D%22_blank%22%3E%40BENT17%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20asking%20to%20enrol%20as%20a%20Device%20Administrator%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20so%20it%20sounds%20like%20the%26nbsp%3B%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients%2Fexchange-activesync%2Fmobile-device-mailbox-policies%3Fview%3Dexchserver-2019%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Edefault%20mobile%20device%20mailbox%20policy%3C%2FA%3E%20is%20the%20cause%20of%20your%20issue.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fcreate-or-modify-a-mobile-device-mailbox-policy-exchange-2013-help%23use-the-eac-to-edit-a-mobile-device-mailbox-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fcreate-or-modify-a-mobile-device-mailbox-policy-exchange-2013-help%23use-the-eac-to-edit-a-mobile-device-mailbox-policy%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%2CAndrew%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-382515%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-382515%22%20slang%3D%22en-US%22%3E%3CP%3EPlease%20note%20that%20the%26nbsp%3BRequire%20approved%20client%20apps%20is%20un%20checked%20and%20still%20asking%20me%20to%20enrol....%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-379855%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-379855%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EAny%20Help%20please%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-698636%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-698636%22%20slang%3D%22en-US%22%3EDid%20you%20ever%20find%20a%20solution%20to%20this%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-815404%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-815404%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F284113%22%20target%3D%22_blank%22%3E%40BENT17%3C%2FA%3E%26nbsp%3BSame%20problem%20here.%26nbsp%3B%20I%20have%20turned%20off%20all%20my%20conditional%20access%20rules%2C%20my%20test%20account%20does%20not%20have%20any%20other%20policies%20applied%20to%20it.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-901700%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20blocking%20Android%20native%20app%20to%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-901700%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F82113%22%20target%3D%22_blank%22%3E%40Andrew%20Liggett%3C%2FA%3E%26nbsp%3BSame%20issue%20for%20us.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

I currently have intune configured and all working well. What I realised is that if a user tries to configure mail on their Android native mail app it keeps asking to enrol even though the user is already enrolled. Any help on what I can do?

11 Replies

Any Help please?

Highlighted

Please note that the Require approved client apps is un checked and still asking me to enrol....

Highlighted

Hi @BENT17 

 

Is it asking to enrol as a Device Administrator?

 

If so it sounds like the default mobile device mailbox policy is the cause of your issue.

 

https://docs.microsoft.com/en-us/exchange/create-or-modify-a-mobile-device-mailbox-policy-exchange-2...

 

,Andrew

 

 

Highlighted

@AndrewDawson 

 

Its showing me the following:

 

Help us keep your device secure

 

Your sign-in was successful, but your admin requires your device to be managed by ************** to access this resource

 

Please note I am using Office 365

Highlighted

@BENT17 are you using Android Enterprise with work profile?

Highlighted
No I am not
Highlighted
Do you have any conditional access policies requiring the use of Modern authentication or approved client applications?

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#appro...

Any screenshots would also be useful.

———————
You should also reconsider the use of Android Device Admin for a number of reasons, urgency will depend on management requirements, devices models and OS (current and updates).

Read up on device admin deprecation below.
https://developers.google.com/android/work/device-admin-deprecation
Highlighted

@AndrewDawson 

 

Yes and they are both not ticked.. 

Highlighted
Did you ever find a solution to this?
Highlighted

@BENT17 Same problem here.  I have turned off all my conditional access rules, my test account does not have any other policies applied to it.

Highlighted

@Andrew Liggett Same issue for us.