Forum Discussion
New Intune App listed?
Hey everyone, this morning I noticed that a new app is being evaluated when completing Intune enrollments for Android Enterprise fully managed. Our CA policies are now reporting the following app when users first authenticate using Chrome during the device enrollment:
- perlarsen1975
Microsoft
If your are trying to exclude Conditional access rules that require MFA - then here is the solution,
If you have an Azure AD Conditional Access policy defined that uses the require a device to be marked as compliant Grant control or a Block policy and applies to All Cloud apps, Android, and Browsers, you must exclude the Microsoft Intune cloud app from this policy. This is because the Android setup process uses a Chrome tab to authenticate your users during enrollment.- This is correct, but we are already excluding the “Microsoft Intune” and “Microsoft Intune Company Portal” cloud apps from the policy and it was functioning as expected earlier this year. The problem is that the initial authentication request in Chrome is now being made against the cloud app “Microsoft Intune Web Company Portal”, which is not available from the list of applications in the tenants. Any other suggestions? I’ve already opened a support case with Microsoft, but they don’t seem to be aware of the application yet.
Hey I hope you are doing well. Did you ever get an answer on this, from Microsoft? We are trying to make Portal.manage.microft.com available via chrome an safari.
Thanks in advance.
- Sorry for reopening this thread.
I ran in to the same issue today, even though sign in logs showed the Microsoft Intune Web Company Portal as the application.
Excluding the application Microsoft Intune Enrollment solved it for us.Same Issue here, but not solved yet.
The customer wanted us to create a conditional access policy that blocks sign ins from unmanaged devices. Therefore i've created:
- All Users included
- All cloud apps included
- "Microsoft Intune" and "Microsoft Intune Enrollment" excluded
- Conditions: Exclude filtered devices: deviceOwnership -eq Company OR deviceOwnership -eq Personal
- Access control: Block
The policy is fine i guess. But: The SignIn Logs of the user shows that the App the user is trying to sign in while Intune Enrollment is "Microsoft Intune Web Company Portal". Unfortunately this cannot be exkluded. (By the way: We're using Automated Device Enrollment via Apple Business Manager / Intune Enrollment Program Token to enroll these devices.)
There must be a better solution than excluding users temporarily from the policy..... 😕 (This cannot be a solution of course).Here you can see the sign-in logs:
Right after excluding the user from the conditional access policie it worked immediately (of course). (The "interupt" event was the MFA prompt, just as expected.)
Kind regards
Patrick
PatrickF11 - Did you ever get an answer for this? Just looking at a similar issue.
