Aug 19 2023 12:36 AM
I ran a device management test on Intune with limited management on a group consisting of 1 laptop device and 1 user, called user A, with an Office 365 E3 license.
My device was successfully managed by Intune and noted compliance policy configurations. User A logs in to the laptop device and uses it normally.
We only have a computer device management policy and have not implemented policies related to mobile devices.
The thing to note is that before logging in to the managed computer, user A could log in and use apps like Outlook and Teams normally on his phone. However, after Mr. A became a member of a group managed by MDM, he cannot log in to the apps on his phone as before; instead he is required to register the device with the organization to be able to use those apps on the phone. The error code is 530003.
This ruined our plan, as we originally intended to only manage devices that were company computers, with users added to a group managed by MDM to perform auto enrollment.
I checked the conditional access configurations only for devices that require MFA and also don't require an approved client app or an app protection policy.
So why does user A in a group managed by MDM have to register mobile devices?
For a user in the group managed by MDM, or another user not in the group managed by MDM but logged into the laptop that is enrolled, the same thing happens to him on his personal mobile device.
Currently on Intune we also do not block Android or iOS devices.
I can show you my access policies if you need to.
Please help me: how can users avoid having to register their mobile devices with the organization when they log into computers that are managed by Intune?
Aug 19 2023 02:09 PM
Aug 19 2023 07:07 PM
Our CA policies do not require a compliant device. That's why I'm quite confused when checking this error; you can see my analysis report below.
Aug 19 2023 10:10 PM
Aug 19 2023 11:22 PM
You can see my sign-in log like this: it requires the device to register with the organization, but none of my enabled CAs are applied. Will report-only CAs affect this?
Aug 20 2023 12:18 AM
Aug 20 2023 01:37 AM
I used the What If tool some time before, but no CA applied, as you can see in the picture below.
Aug 20 2023 04:01 AM
Aug 20 2023 06:41 AM
Yes! I did, but it shows that no CA policies will apply.
Aug 20 2023 08:42 AM
Aug 20 2023 10:51 PM
Aug 23 2023 06:13 AM
Aug 23 2023 06:38 PM
Currently no! We just have compliance policies, no App Protection Policies or security policies, just some conditional access policies.
Aug 25 2023 02:45 AM
My problem is solved. It was in my classic conditional access, which was configured by a previous admin.