Why is "Activate device admin app" displaying when setting up Outlook on Android?

Hi Everyone,

I'm not very experienced with the Intune product set and within my tenant I don't have admin access to manage any settings related to mobile access management.

From the beginning of this week, I'm receiving reports from people installing the Outlook for Android app and connecting to our tenant that they are seeing an additional "Activate device admin app" screen that we were not expecting to see.

The screen is that which is displayed at the following URL https://support.office.com/en-us/article/set-up-email-in-the-outlook-for-android-app-886db551-8dfa-4...

None of the admins have reported making any changes at tenant level.

Are there any reasons why this message will have started appearing at this stage?

Could Microsoft have made a change to the configuration settings? (perhaps one that has been announced already)

Thanks everyone.

11 Replies

@Counie I believe that is going from Exchange. Could you check if there are any MDM or EAS settings applied?

@Alexander Vanyurikhin I don't have visibility over admin settings. I just have to take other people's word for it :)

Is there a resource that I could direct our admin to so that they would know what to check?

Is it a case of googling EAS and MDM policy settings for Exchange Online..

I'll give it a shot.

Hi All,

What happened here is that a policy had been applied all along.. and we didn't notice it on the front end because everyone who tested the installation process did so on a mobile device that met the minimum requirements of the policy (mostly they were IT staff)

It's not clear to me who actually set the policy originally, or if in fact anyone in our team manually configured this policy at all.

However, when non-IT end users started to install Outlook.. in all cases it was on the Android platform.. we started to notice the "Outlook Device Policy" screens appearing.

Eventually we determined that it was because their devices (these are all unmanaged personal devices) DID NOT meet the minimum standard of the policy. So the approach now is that if they don't meet the minimum standard.. they don't get to connect the app to our tenant.

@Counie

What bothered me was the msg that states ("DELETE ALL DATA") "Erase the phones data without warning by performing a factory data reset" .. what the???

So I was very cautious to that info and just clicked "cancel"

Has anybody agreed to the terms and conditions and experienced anything negative?

@Meral321 I'll prefer not to set up Outlook on my personal device which says ("DELETE ALL DATA").

@Counie Could you please help where this policy is located that was causing this issue?

@Meral321

It is difficult to explain why Android presents that possibility to the user that their personal data will be wiped, but it actually won't be. So don't worry. Outlook doesn't contain a specific policy "OS call" that would trigger such a thing. It's an app-level wipe, not a phone wide wipe. It could remove all Outlook app data that's synced from the work servers if too many incorrect password attempts occur at the lock screen.

These are the four policies enacted when a user grants device admin privileges to Outlook.

1. Encrypted-storage
2. Force-lock
3. Limit-password
4. Watch-login

The three policies that can wipe your device are setMaximumFailedPasswordsForWipe and two wipeData methods. All three of these require the USES_POLICY_WIPE_DATA Policy, which the Outlook app does not request.
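
The check described in the reply above can be run against any app's device-admin policy file. This is an added example, not part of the thread and not Microsoft's code; it assumes the app's device-admin metadata XML has already been decoded to plain text, and the sample XML is constructed from the four policies listed above rather than extracted from Outlook.

```python
import xml.etree.ElementTree as ET

# Tags allowed under <uses-policies> in Android device-admin metadata, mapped
# to DevicePolicyManager calls each one gates (subset relevant to this thread).
POLICY_GATES = {
    "limit-password": ["setPasswordQuality", "setPasswordMinimumLength"],
    "watch-login": ["getCurrentFailedPasswordAttempts"],
    "force-lock": ["lockNow", "setMaximumTimeToLock"],
    "encrypted-storage": ["setStorageEncryption"],
    "wipe-data": ["wipeData"],
}

# Constructed sample listing the four policies named in the post above.
# It is not a file extracted from the Outlook APK.
SAMPLE_XML = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <encrypted-storage />
    <force-lock />
    <limit-password />
    <watch-login />
  </uses-policies>
</device-admin>"""


def declared_policies(xml_text):
    """Return the set of policy tags declared under <uses-policies>."""
    root = ET.fromstring(xml_text)
    if root.tag != "device-admin":
        raise ValueError("not a device-admin metadata file")
    block = root.find("uses-policies")
    # An admin receiver with no <uses-policies> block requests no policies.
    return set() if block is None else {child.tag for child in block}


def audit(xml_text):
    """Summarise which gated calls the declared policies allow."""
    policies = declared_policies(xml_text)
    calls = sorted(c for p in policies for c in POLICY_GATES.get(p, []))
    # setMaximumFailedPasswordsForWipe needs watch-login AND wipe-data.
    if {"watch-login", "wipe-data"} <= policies:
        calls.append("setMaximumFailedPasswordsForWipe")
    return {
        "policies": sorted(policies),
        "unknown": sorted(policies - set(POLICY_GATES)),
        "allowed_calls": calls,
        "can_wipe_device": "wipe-data" in policies,
    }
```

For the constructed sample, `audit(SAMPLE_XML)["can_wipe_device"]` is false because no `wipe-data` tag is declared; the result for a real app depends on what its own file declares.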

Has the limitation on erasing data been confirmed? This is a rather alarming message to receive on a personal device.

It is from the Exchange Online mobile policies. Disable it if you use Intune.

This doesn't seem puzzling at all. Microsoft Exchange (the technology that powers Outlook.com for consumers and Microsoft 365 email) has a feature that lets you remotely wipe (erase) a mobile device. The user can typically do this through Outlook on the web by going into settings > General > Mobile devices.

In order for the remote wipe to work, the Outlook app or native email app must have device admin rights to erase the entire phone or tablet.

In an enterprise, admins can also set policies to require a complex passcode, require encryption, and so forth. This lets them have some degree of security over enterprise data that may be in the email, calendar, contacts, etc. apps. The policies are enforced by using this device admin privilege.