cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Why different broker apps for iOS and Android (not enrolled) when using app protection policies?

%3CLINGO-SUB%20id%3D%22lingo-sub-332758%22%20slang%3D%22en-US%22%3EWhy%20different%20broker%20apps%20for%20iOS%20and%20Android%20(not%20enrolled)%20when%20using%20app%20protection%20policies%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-332758%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20we're%20setting%20up%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fapp-based-conditional-access-intune%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Eapp-based%20conditional%20access%3C%2FA%3E%20so%20that%20iOS%20and%20Android%20are%20forced%20to%20use%20the%20Outlook%20Mobile%20app%20instead%20of%20the%20built-in%20ones%20and%20then%20applying%20app%20protection%20policies%20to%20force%20PIN%20etc.%20We%20are%26nbsp%3Bnot%20enrolling%20devices.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20customer%20wanted%20more%20information%20regarding%20the%20broker%20app%20requirement.%20We%20understand%20this%20is%20required%20so%20that%20Intune%20securely%20can%20communicate%20with%20the%20device%20and%20push%20down%20policies%20and%20we%20assume%20this%20is%20so%20that%20the%20apps%20themselves%20only%20talk%20to%20the%20broker%20app%20rather%20than%20each%20app%20talks%20directly%20to%20Intune.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EBut%20why%20are%20the%20broker%20apps%20different%20on%20iOS%20(Authenticator)%20and%20Android%20(Company%20Portal)%3F%3C%2FSTRONG%3E%20Most%20of%20their%20users%20already%20run%20the%20Authenticator%20so%20for%20iOS%20that%20is%20great%20but%20the%20Android%20users%20have%20to%20install%20the%20Company%20Portal%20which%20cause%20an%20extra%20step%20for%20the%20user%20and%20they%20also%20have%20privacy%20concerns%20for%20this.%20Why%20is%20that%20and%20are%20we%20likely%20to%20see%20this%20change%20in%20the%20future%2C%20only%20needing%20the%20Authenticator%20app%20on%20Android%3F%20Then%20we%20can%20save%20the%20Company%20Portal%20dicussion%20for%20the%20future%20when%20we%20start%20doing%20complete%20enrollment%20for%20some%20devices.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20someone%20knows%20something%20about%20this.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-332758%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Application%20Management%20(MAM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-334936%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20different%20broker%20apps%20for%20iOS%20and%20Android%20(not%20enrolled)%20when%20using%20app%20protection%20policies%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-334936%22%20slang%3D%22en-US%22%3EThis%20is%20great%20information%20and%20just%20what%20I%20was%20looking%20for.%20I%20suspect%20not%20even%20Microsoft%20can%20tell%20us%20the%20future%20roadmap%20for%20this.%20At%20the%20same%20time%20we%20have%20users%20performing%20MFA%20with%20text%20message%20(SMS)%20and%20they%20are%20confused%20why%20they%20need%20to%20install%20the%20authenticator%20app%20when%20they%20don%E2%80%99t%20need%20it%20for%20authentication.%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20the%20end%2C%20we%20have%20a%20problem%20users%20don%E2%80%99t%20wanting%20to%20%E2%80%9DAzure%20AD%20register%E2%80%9D%20(which%20the%20app%20protection%20policy%20will%20do)%20their%20device%20with%20the%20company%20because%20of%20privacy%20concerns%20(even%20though%20we%20can%E2%80%99t%20see%20much)%20since%20many%20are%20using%20their%20personal%20device.%20But%20I%20consider%20this%20a%20HR-problem%2C%20not%20an%20IT-problem%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-332942%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20different%20broker%20apps%20for%20iOS%20and%20Android%20(not%20enrolled)%20when%20using%20app%20protection%20policies%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-332942%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Jonas%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eyes%20I%20can%20explain%20why%2C%20but%20I%20can't%20explain%20if%20it%20will%20change%20in%20future.%20Here%20is%20the%20reason%20for%20this%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAndroid%20has%20a%20way%20to%20share%20data%20between%20apps%20which%20the%20Intune%20product%20uses%20on%20the%20Android%20platform.%20Which%20data%20actually%20is%20shared%20I%20don't%20know%2C%20but%20there%20are%20various%20opportunities%20for%20which%20you%20can%20use%20this.%20For%20example%20to%20deliver%20new%20SDK%20versions%20to%20other%20apps%20on%20the%20Android%20platform.%20The%20Company%20Portal%20is%20maintained%20by%20the%20Intune%20product%20group%20where%20the%20Authenticator%20app%20is%20maintained%20by%20the%20Azure%20AD%20product%20group.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20sharing%20is%20officially%20documented%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fend-user-mam-apps-android%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fend-user-mam-apps-android%3C%2FA%3E%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%3EThe%20Company%20Portal%20app%20is%20a%20way%20for%20Intune%20to%20share%20data%20in%20a%20secure%20location.%20Therefore%2C%20the%20Company%20Portal%20app%20is%20a%20requirement%20for%20all%20apps%20that%20are%20associated%20with%20app%20protection%20policies%2C%20even%20if%20the%20device%20is%20not%20enrolled%20in%20Intune.%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%3EFor%20iOS%20this%20is%20not%20possible%20because%20Apple%20does%20not%20allow%20such%20a%20scenario%20due%20to%20his%20app%20model%20and%20containerization.%20So%2C%20for%20iOS%20there%20is%20absolutely%20no%20reason%20then%20to%20force%20usage%20of%20the%20Company%20Portal%20but%20the%20Authenticator%20as%20a%20broker%20makes%20totally%20sense.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ESo%20why%20does%20not%20Android%20switch%20to%20Authenticator%20as%20well%3F%20I%20think%20that's%20because%20of%20the%20different%20teams%2C%20Intune%20does%20not%20own%20the%20Authenticator%20and%20maybe%20the%20publishing%20of%20new%20versions%20then%20is%20not%20that%20fast%20as%20they%20would%20like%20it%20to%20have%20(that's%20the%20way%20how%20big%20companies%20and%20product%20ownership%20works).%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EYou%20can%20use%20Microsoft%20Intune%20UserVoice%20to%20make%20a%20Design%20Change%20Request%20or%20support%20a%20maybe%20already%20existing%20one%20here%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmicrosoftintune.uservoice.com%2Fforums%2F291681-ideas%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3Ehttps%3A%2F%2Fmicrosoftintune.uservoice.com%2Fforums%2F291681-ideas%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3Ebest%2C%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EOliver%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2226591%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20different%20broker%20apps%20for%20iOS%20and%20Android%20(not%20enrolled)%20when%20using%20app%20protection%20policies%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2226591%22%20slang%3D%22en-US%22%3EHi%20Oliver%2C%3CBR%20%2F%3EI%20had%20set%20up%20an%20app%20based%20conditional%20access%20policy%20to%20force%20outlook%20mobile%20mail%20app%2C%20but%20after%20some%20tests%20on%20an%20android%20phone%20its%20looks%20like%20I%20don't%20get%20any%20prompt%20to%20install%20the%20company%20portal.%20I%20only%20had%20to%20register%20the%20device.%3CBR%20%2F%3EI%20already%20have%20the%20authenticator%20app%20installed%20on%20the%20android%20device%2C%20so%20to%20my%20understanding%20the%20auth%20app%20can%20be%20used%20as%20the%20broker%20app%20in%20some%20cases.%3CBR%20%2F%3EDo%20you%20know%20the%20reason%20for%20this%20behaviour.%3CBR%20%2F%3EBest%2C%3CBR%20%2F%3EMil%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2273184%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20different%20broker%20apps%20for%20iOS%20and%20Android%20(not%20enrolled)%20when%20using%20app%20protection%20policies%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2273184%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F174439%22%20target%3D%22_blank%22%3E%40Oliver%20Kieselbach%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFound%20this%20when%20researching%20the%20Required%20App%20for%20Conditional%20Access.%20It%20looks%20like%20Android%20can%20either%20use%20Authenticator%20or%20the%20company%20portal.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Fconcept-conditional-access-grant%23require-approved-client-app%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Fconcept-conditional-access-grant%23require-approved-client-app%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CDIV%3E%22%3CSPAN%3EIn%20order%20to%20leverage%20this%20grant%20control%2C%20Conditional%20Access%20requires%20that%20the%20device%20be%20registered%20in%20Azure%20Active%20Directory%20which%20requires%20the%20use%20of%20a%20broker%20app.%20The%20broker%20app%20can%20be%20the%20Microsoft%20Authenticator%20for%20iOS%2C%20or%20%3CSTRONG%3Eeither%20the%20Microsoft%20Authenticator%20or%20Microsoft%20Company%20portal%20for%20Android%20devices.%3C%2FSTRONG%3E%20If%20a%20broker%20app%20is%20not%20installed%20on%20the%20device%20when%20the%20user%20attempts%20to%20authenticate%2C%20the%20user%20gets%20redirected%20to%20the%20appropriate%20app%20store%20to%20install%20the%20required%20broker%20app.%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3ENotice%20the%20part%20I%20bolded.%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2274184%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20different%20broker%20apps%20for%20iOS%20and%20Android%20(not%20enrolled)%20when%20using%20app%20protection%20policies%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2274184%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F367742%22%20target%3D%22_blank%22%3E%40Coopem16%3C%2FA%3E%26nbsp%3BThat%20would%20be%20amazing%20that%20you'd%20only%20need%20Authenticator%20for%20Android%20going%20forward.%20Will%20see%20if%20I%20get%20the%20opportunity%20to%20test%20this%20in%20a%20future%20rollout.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2274318%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20different%20broker%20apps%20for%20iOS%20and%20Android%20(not%20enrolled)%20when%20using%20app%20protection%20policies%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2274318%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20also%20did%20read%20the%20same%20information%2C%20but%20this%20information%20is%20about%20an%20approved%20app%2C%20not%20require%20app%20protection%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETake%20a%20look%20at%20this%20Microsoft%20doc%2C%20it%20tells%20us%20to%20use%20the%20company%20portal%20app%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fapps%2Fapp-protection-policy-settings-android%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAndroid%20app%20protection%20policy%20settings%20-%20Microsoft%20Intune%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Rudy_Ooms_0-1618490172847.png%22%20style%3D%22width%3A%20424px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F273036i3233DCFED63A769F%2Fimage-dimensions%2F424x66%3Fv%3Dv2%22%20width%3D%22424%22%20height%3D%2266%22%20role%3D%22button%22%20title%3D%22Rudy_Ooms_0-1618490172847.png%22%20alt%3D%22Rudy_Ooms_0-1618490172847.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOf%20course%20to%20be%20sure...I%20tested%20it...%20I%20downloaded%20Onedrive%20and%20when%20I%20logged%20in%20with%20my%20username%20and%20password%20it%20tells%20me%20to%20install%20the%20company%20portal%20first.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20did%20the%20same%20test%20but%20with%20the%20authenticator%20preinstalled.%20This%20time%20I%20did%20not%20ask%20me%20to%20immediately%20install%20the%20Company%20portal%20when%20I%20logged%20in..%20but%20after%20a%20few%20seconds%20the%20same%20prompt...%20So%20make%20sure%20when%20you%20are%20requiring%20app%20protection%20the%20company%20portal%20is%20installed%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20want%20to%20know%20some%20more%20about%20app%20protection%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcall4cloud.nl%2F2021%2F03%2Fapp-protection-resurgence%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ECall4Cloud%20requiring%20Approved%20Apps%20or%20an%20App%20Protection%20Policy%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2274802%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20different%20broker%20apps%20for%20iOS%20and%20Android%20(not%20enrolled)%20when%20using%20app%20protection%20policies%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2274802%22%20slang%3D%22en-US%22%3EThanks%2C%3CBR%20%2F%3ERight%20now%20we%20are%20only%20using%20MFA%20and%20Required%20app%20in%20CA.%20When%20we%20set%20up%20our%20policy%20few%20apps%20supported%20the%20require%20app%20protection.%20So%20far%20this%20is%20the%20only%20Documentation%20that%20mentioned%20using%20either%20for%20the%20broker.%20None%20of%20the%20other%20docs%20do%20not%20mention%20it.%3C%2FLINGO-BODY%3E
Jonas Back
Frequent Contributor

‎Feb 07 2019 10:04 PM - edited ‎Feb 07 2019 10:05 PM

‎Feb 07 2019 10:04 PM - edited ‎Feb 07 2019 10:05 PM

Why different broker apps for iOS and Android (not enrolled) when using app protection policies?

So we're setting up app-based conditional access so that iOS and Android are forced to use the Outlook Mobile app instead of the built-in ones and then applying app protection policies to force PIN etc. We are not enrolling devices.

 

One customer wanted more information regarding the broker app requirement. We understand this is required so that Intune securely can communicate with the device and push down policies and we assume this is so that the apps themselves only talk to the broker app rather than each app talks directly to Intune.

 

But why are the broker apps different on iOS (Authenticator) and Android (Company Portal)? Most of their users already run the Authenticator so for iOS that is great but the Android users have to install the Company Portal which cause an extra step for the user and they also have privacy concerns for this. Why is that and are we likely to see this change in the future, only needing the Authenticator app on Android? Then we can save the Company Portal dicussion for the future when we start doing complete enrollment for some devices.

 

Hope someone knows something about this.

4,124 Views
0 Likes
7 Replies
Reply
7 Replies
best response confirmed by Jonas Back (Frequent Contributor)
Oliver Kieselbach

‎Feb 08 2019 06:26 AM

‎Feb 08 2019 06:26 AM

Solution

Re: Why different broker apps for iOS and Android (not enrolled) when using app protection policies?

Hi Jonas,

 

yes I can explain why, but I can't explain if it will change in future. Here is the reason for this:

 

Android has a way to share data between apps which the Intune product uses on the Android platform. Which data actually is shared I don't know, but there are various opportunities for which you can use this. For example to deliver new SDK versions to other apps on the Android platform. The Company Portal is maintained by the Intune product group where the Authenticator app is maintained by the Azure AD product group.

 

The sharing is officially documented here: https://docs.microsoft.com/en-us/intune/end-user-mam-apps-android

The Company Portal app is a way for Intune to share data in a secure location. Therefore, the Company Portal app is a requirement for all apps that are associated with app protection policies, even if the device is not enrolled in Intune.

For iOS this is not possible because Apple does not allow such a scenario due to his app model and containerization. So, for iOS there is absolutely no reason then to force usage of the Company Portal but the Authenticator as a broker makes totally sense.

 

So why does not Android switch to Authenticator as well? I think that's because of the different teams, Intune does not own the Authenticator and maybe the publishing of new versions then is not that fast as they would like it to have (that's the way how big companies and product ownership works).

 

You can use Microsoft Intune UserVoice to make a Design Change Request or support a maybe already existing one here:

https://microsoftintune.uservoice.com/forums/291681-ideas

 

best,

Oliver

1 Like
Reply
Jonas Back

‎Feb 11 2019 11:30 PM

‎Feb 11 2019 11:30 PM

Re: Why different broker apps for iOS and Android (not enrolled) when using app protection policies?

This is great information and just what I was looking for. I suspect not even Microsoft can tell us the future roadmap for this. At the same time we have users performing MFA with text message (SMS) and they are confused why they need to install the authenticator app when they don’t need it for authentication.

In the end, we have a problem users don’t wanting to ”Azure AD register” (which the app protection policy will do) their device with the company because of privacy concerns (even though we can’t see much) since many are using their personal device. But I consider this a HR-problem, not an IT-problem :)
0 Likes
Reply
MilSak

‎Mar 21 2021 02:48 PM

‎Mar 21 2021 02:48 PM

Re: Why different broker apps for iOS and Android (not enrolled) when using app protection policies?

Hi Oliver,
I had set up an app based conditional access policy to force outlook mobile mail app, but after some tests on an android phone its looks like I don't get any prompt to install the company portal. I only had to register the device.
I already have the authenticator app installed on the android device, so to my understanding the auth app can be used as the broker app in some cases.
Do you know the reason for this behaviour.
Best,
Mil
0 Likes
Reply
Coopem16

‎Apr 14 2021 12:50 PM

‎Apr 14 2021 12:50 PM

Re: Why different broker apps for iOS and Android (not enrolled) when using app protection policies?

@Oliver Kieselbach 

Found this when researching the Required App for Conditional Access. It looks like Android can either use Authenticator or the company portal.
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-acces...

"In order to leverage this grant control, Conditional Access requires that the device be registered in Azure Active Directory which requires the use of a broker app. The broker app can be the Microsoft Authenticator for iOS, or either the Microsoft Authenticator or Microsoft Company portal for Android devices. If a broker app is not installed on the device when the user attempts to authenticate, the user gets redirected to the appropriate app store to install the required broker app."
 
Notice the part I bolded. 

 

0 Likes
Reply
Jonas Back

‎Apr 15 2021 03:25 AM

‎Apr 15 2021 03:25 AM

Re: Why different broker apps for iOS and Android (not enrolled) when using app protection policies?

@Coopem16 That would be amazing that you'd only need Authenticator for Android going forward. Will see if I get the opportunity to test this in a future rollout.

0 Likes
Reply
Rudy_Ooms

‎Apr 15 2021 05:04 AM - edited ‎Apr 15 2021 05:41 AM

‎Apr 15 2021 05:04 AM - edited ‎Apr 15 2021 05:41 AM

Re: Why different broker apps for iOS and Android (not enrolled) when using app protection policies?

Hi, I also did read the same information, but this information is about an approved app, not require app protection

 

Take a look at this Microsoft doc, it tells us to use the company portal app

 

Android app protection policy settings - Microsoft Intune | Microsoft Docs

 

Rudy_Ooms_0-1618490172847.png

 

 

Of course to be sure...I tested it... I downloaded Onedrive and when I logged in with my username and password it tells me to install the company portal first.

I did the same test but with the authenticator preinstalled. This time I did not ask me to immediately install the Company portal when I logged in.. but after a few seconds the same prompt... So make sure when you are requiring app protection the company portal is installed

 

If you want to know some more about app protection

 

Call4Cloud requiring Approved Apps or an App Protection Policy

0 Likes
Reply
Coopem16

‎Apr 15 2021 09:46 AM

‎Apr 15 2021 09:46 AM

Re: Why different broker apps for iOS and Android (not enrolled) when using app protection policies?

Thanks,
Right now we are only using MFA and Required app in CA. When we set up our policy few apps supported the require app protection. So far this is the only Documentation that mentioned using either for the broker. None of the other docs do not mention it.
0 Likes
Reply