SOLVED

Intune - Company Portal Issues with MDM Android tablets

%3CLINGO-SUB%20id%3D%22lingo-sub-1166337%22%20slang%3D%22en-US%22%3EIntune%20-%20Company%20Portal%20Issues%20with%20MDM%20Android%20tablet%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1166337%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20noticed%20that%20some%20of%20our%20Samsung%20tablets%20that%20use%20Android%207.1%20started%20having%20issues%20with%20our%20managed%20apps%2C%20such%20as%20outlook%2C%20word%2C%20excel%20and%20more.%20We%20were%20not%20able%20to%20open%20any%20apps%2C%20when%20we%20attempt%20to%2C%20the%20app%20just%20crashes.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENo%20changes%20have%20been%20made%20to%20our%20policies%20and%20all%20apps%20are%20up%20to%20date.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20a%20work%20around%2C%20we%20removed%20company%20portal%20and%20the%20work%20profile%20on%20the%20device%2C%20tried%20to%20enroll%20the%20device%20again.%20Which%20seems%20to%20start%20off%20fine%2C%20we%20able%20to%20login%20and%20get%20past%20MFA%20but%20every%20time%20the%20device%20tries%20to%20register%2C%20company%20portal%20crashes.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20an%20extreme%20workaround%2C%20we%20have%20wiped%20the%20device%20and%20then%20we%20can%20enroll%20it%20back%20into%20intune.(This%20is%20far%20from%20ideal)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20a%20lot%20of%20tablets%20that%20have%20been%20affected%20and%20each%20day%20we%20see%20we%20more%20tablets%20having%20the%20same%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHas%20anyone%20had%20a%20similar%20issue%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1166337%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1166978%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20-%20Company%20Portal%20Issues%20with%20MDM%20Android%20tablet%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1166978%22%20slang%3D%22en-US%22%3EI%20have%20seen%20this%20issue%20when%20there%20were%20issues%20with%20app%20protection%20policies%3F%3CBR%20%2F%3E%3CBR%20%2F%3EDo%20you%20have%20those%20in%20place%20or%20are%20you%20requiring%20some%20conditions%20through%20conditional%20access%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1167035%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20-%20Company%20Portal%20Issues%20with%20MDM%20Android%20tablet%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1167035%22%20slang%3D%22en-US%22%3Ecould%20you%20check%20the%20sign-in%20logs%20in%20AzureAD%20and%20check%20where%20exactly%20it's%20failing.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20had%20an%20Android%20phone%20fail%20because%20I%20used%20the%20'require%20app%20protection%20policy'%20and%20switched%20to%20'require%20approved%20app'%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1167034%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20-%20Company%20Portal%20Issues%20with%20MDM%20Android%20tablet%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1167034%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F186539%22%20target%3D%22_blank%22%3E%40Thijs%20Lecomte%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHey%20Thijs%2C%20yes%20we%20have%20app%20protection%20policies%20applied%20for%20all%20of%20our%20managed%20apps.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20also%20have%20conditional%20access%20in%20place%20too.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20wiping%20a%20tablet%20back%20to%20factory%20reset%2C%20removing%20all%20instances%20of%20that%20device%20from%20intune%20and%20enrolling%20it%20back%20via%20company%20portal%2C%20seems%20to%20have%20fixed%20the%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20way%20I%20can%20do%20this%20without%20wiping%20the%20tablet%20and%20keeping%20it%20enrolled%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

We have noticed that some of our Samsung tablets that use Android 7.1 started having issues with our managed apps, such as outlook, word, excel and more. We were not able to open any apps and when we attempt to, the app just crashes.

 

No changes have been made to our policies and all apps are up to date.

 

We tried to fix the issue by removing company portal and the work profile on the affected device, then we tried to enrol the device again. This seems to start off fine, as we were able to login and get past MFA, but every time the device tries to register, company portal crashes!

 

As an extreme workaround, we have to wipe the affected device and then we can enrol it back into intune.(This is far from ideal)

 

We have lots of tablets that have been affected and each day we see much more tablets having the same issue.

 

Has anyone had a similar issue?

26 Replies
Highlighted
I have seen this issue when there were issues with app protection policies?

Do you have those in place or are you requiring some conditions through conditional access?
Highlighted

@Thijs Lecomte 

Hey Thijs, yes we have app protection policies applied for all of our managed apps.

 

We also have conditional access in place too.

 

But wiping a tablet back to factory reset, removing all instances of that device from intune and enrolling it back via company portal, seems to have fixed the issue.

 

Is there way I can do this without wiping the tablet and keeping it enrolled?

 

Thanks

 

Highlighted
could you check the sign-in logs in AzureAD and check where exactly it's failing.

I had an Android phone fail because I used the 'require app protection policy' and switched to 'require approved app'
Highlighted

Hi,

 

Exactly the same problem here, we have 70 Android smartphones (Android version is 7.1.2) which begin to fail one after the other, Outlook, Word, Excel crash at the autentification process.

 

 

We ask Microsoft with no answer at this time, some help will be much appreciated !!

 

Thanks

Highlighted
We've got the same issue on our Samsung A5 phones.
Highlighted
Thanks, I will try that with one of the troubled users in a moment and get back to you with an update

Most appreciated.
Highlighted

I have logged a ticket with Microsoft and their Dev team is looking into it..

Still no solid explanation from them, I will keep you posted on any news.

Highlighted
not good.. I've noticed there has been updates to Intune company portal and outlook in the last 2 days for Android.

I will keep you posted on any new revelations.
Highlighted

We tried to install Office manually from the playstore, exact same version as the one insalled with Intune and it works

We have no conditional strategy applied,

 

Will keep you inform too

 

Thanks

Highlighted
Yammer works, it seems to be a problem with the authentification system of Word, Excel and outlook
Highlighted
Yes we had exactly the same results too.. It seems to be an issue with Intune..
Highlighted

@Thijs Lecomte 

 

Upon trying to re-enroll an affected user and tablet back into Intune, I can see that Microsoft Intune Company Portal signs in successfully from the Android tablet, then the Microsoft Authentication Broker, both are successful.

 

..then company portal crashes on the tablet and nothing..

 

So just to clarify, if the tablet was enrolled, we just access access any managed apps and if we attempt to re-enrol it, this happens

 

Any ideas?

Highlighted

After reading the Logs, it seems the problem appears after this update :

 

Initiated by :

 
Device Registration Service
User-Agent
Microsoft ADO.NET Data Services
 
Property name : 
Included Updated Properties
 
OLD value : nothing
New value : ""
Highlighted

@obisch2440 I will look into this and let you know what I find, thanks for the update.

 

Also check: Intune ->Device enrollment -> Incomplete user enrollments: then Export the list

 

I've seen lots of failed enrollments with the result of abandonment, it does not give a clear indication on what is happening but it's something to go on.

 

Also have you tried to factory wipe your device and enrol it again?

Highlighted
Thank you, i will take a look

No i haven't try the factory reset. I have still no news from Microsoft
Highlighted
Keep me updated, as that will change the the device id in Azure and you should be able to enrol the device again.

Let me know how that goes?
Highlighted
Yes i will let you know

Thank you
Highlighted
Good morning, just a quick update.

Microsoft are definitely looking into this and aware it's affecting multiple clients, so I hope they will have a fix soon.

I will update you when I have some more news.
Highlighted

@ChrisWork 

 

Hi Chris, yes i revived Microsoft this morning. Will keep you inform too.

 

Thank you