Why is "Activate device admin app" displaying when setting up Outlook on Android?

Occasional Contributor

Hi Everyone,

I'm not very experienced with the Intune product set and within my tenant I don't have admin access to manage any settings related to mobile access management.

 

From the beginning of this week, I'm receiving reports from people installing the Outlook for Android app and connecting to our tenant that they are seeing an additional "Activate device admin app" screen that we were not expecting to see.

 

The screen is that which is displayed at the following URL https://support.office.com/en-us/article/set-up-email-in-the-outlook-for-android-app-886db551-8dfa-4...

 

831894c6-6d45-4acd-b119-376e39624f8b

None of the admins have reported making any changes at tenant level. 

 

Are there any reasons why this message will have started appearing at this stage? 

 

Could Microsoft have made a change to the configuration settings? (perhaps one that has been announced already)

 

Thanks everyone.

8 Replies

@Counie i believe that is going from Exchange. Could you check if there are any MDM or EAS settings applied?

@Alexander Vanyurikhin I dont' have visibility over admin settings. i just have to take other peoples word for it :)

 

Is there a resource that I could direct our admin to so that they would know what to check?

 

is it a case of googling EAS and MDM policy settings for Exchange Online..

 

I'll give it a shot.

 

 

Hi All,

 

What happened here is that a policy had been applied all along.. and we didn't notice it on the front end because everyone who tested the installation process did so on a mobile device that met the minimum requirements of the policy (mostly they were IT staff)

 

It's not clear to me who actually set the policy originally , or if in fact anyone in our team manually configured this policy at all .

 

However, when non-IT end users started to install Outlook .. in all cases it was on the Android platform .. we started to notice the "Outlook Device Policy" screens appearing.

 

Eventually we determined that it was because their devices (these are all unmanaged personal devices) DID NOT meet the minimum standard of the policy. So the approach now is that if they don't meet the minimum standard.. they don't get to connect the app to our tenant.

@Counie 

What bothered me was the msg that states (" DELETE ALL DATA") "Erase the phones data without warning by performing a factory data reset" .. what the???

So I was very cautious to that info and just clicked "cancel"

Has anybody agreed to the terms and conditions and experienced anything negative ?

@Meral321  I'll prefer not to setup outlook on my personal device which say (" DELETE ALL DATA").

@Counie  Could you please help where this policy is located that was causing this issue?

@Meral321 

 

It is difficult to explain why Android presents that possibility to the user that their personal data will be wiped, but it actually won't be. So don't worry. Outlook doesn't contain a specific policy "OS call" that would trigger such a thing. It's an app-level wipe, not a phone wide wipe. It could remove all Outlook app data that's synced from the work servers if too many incorrect password attempts occur at the lock screen.

 

These are the four policies enacted when a user grants device admin privileges to Outlook.

 

1. Encrypted-storage

2. Force-lock

3. Limit-password

4. Watch-login

 

The three policies that can wipe your device are setMaximumFailedPasswordsForWipe and two wipeData methods. All three of these require the USES_POLICY_WIPE_DATA Policy, which the Outlook app does not request.