Conditional Access
445 Topics

Microsoft 365 Admin App Protection
Hello, We're having an issue where the Microsoft 365 Admin / Office 365 Management app is not being App Protected and therefore we're unable to log in based on our CA policy to require app protection. All other apps work and Microsoft 365 Admin shows up and is applied in the App Protection Profile, but the sign in fails with the error below. Reviewing the sign in logs, the login is correlated to the application "Office 365 Management" and that application does not show in App Protection or Conditional Access.

Failure reason: Application needs to enforce Intune protection policies.
Additional Details: MFA requirement satisfied by claim in the token

Does anyone have this problem? I didn't find much on the topic and I don't know if Microsoft is aware or working to resolve the issue. The only workaround we have is to exclude the end user from the CA Policy requiring App Protection but that weakens our security.

83 Views, 1 like, 3 Comments

Block Company Portal Enrollment for BYOD Devices
Hello all, I’m new to Intune and have a small org that has been using it for phone devices for some time. It looks like they only had 1 policy for all Intune licensed users forcing them to enroll using the company portal regardless if the device was a corporate owned or personal. I’ve been tasked with setting up a separate method for the personal BYOD devices. I created a new App Protection policy for Office 365 apps and assigned to a specific group adding some security options for the data in the apps. This is working well in testing. Is there a way to prevent the enrollment of BYOD devices using company portal? What method would you recommend to try to achieve this? Appreciate all the feedback. OCA

Solved, 162 Views, 1 like, 6 Comments

Conditional access + Intune
Hello, I am attempting to achieve no MFA requests for a device in Entra, and devices which are hybrid joined. MFA will happen to these accounts logged onto devices which are not registered. The DC is synced with the Entra cloud tool I have made it to exclude a list of devices in regards to display names and trust types. It doesn't seem to allow this policy to exclude AD devices within Entra but it works for the Intune devices. Thank you, Jamie.

Solved, 947 Views, 0 likes, 7 Comments

CA policy enforcing users to use Edge browser on Co-owned devices
I'm trying to give control over while they're on personal devices, enforcing an app protection policy for Edge, but still this policy is enforcing to use Edge on co-owned devices, I have already excluded co-owned devices from the CA policy.

40 Views, 0 likes, 1 Comment

Intune for BYOD mobile and Cross tenant compliance
We have 3 separate companies/tenants, and employees need to access mail from each tenant on a single iOS/Android device, with a CA policy requiring compliance or app protection policy. I understand that Intune MAM currently will not work, but is on the road map for later this year for iOS (not sure on Android). Does Web based / JIT for BYOD work on iOS if I set up Cross-tenant access and enable "Trust compliant devices" trust setting? Or do we have to do full device based MDM enrollment? If not, what do I need to do in this scenario?

109 Views, 1 like, 2 Comments

Podcast Microsoft Ignite E05: Agent Builder
Excited to have Pascal Brunner join me in my Ignite series, where we dive into one of the hottest announcements: AgentBuilder.

In this episode, we break down:
- What AgentBuilder is all about.
- How it empowers organizations with AI-driven automation.
- Key takeaways

YOUTUBE https://youtube.com/@shadykhorshed?si=c8CLxoCjMfUMfA19

30 Views, 0 likes, 0 Comments

New Blog Post: Android: Browser Access to be Enabled by Default for All Android Users
🔐 #Android in #msintune: Upcoming Security Update for Microsoft Entra ID on Android! Starting July 2025, Microsoft Entra ID device registration will be hardware-bound, enhancing security and automatically enabling browser access.

🚀 Key Changes:
✅ Device identities will be tied to hardware for stronger security.
✅ Enable Browser Access (EBA) will be retired.
✅ Browser access will be enabled by default during registration.

📌 No action needed: this change will be applied automatically! Stay informed and prepare for a more secure device registration process. #MicrosoftIntune #MicrosoftEntraID #Android #mvpbuzz

https://www.linkedin.com/pulse/microsoft-entra-browser-access-enabled-default-all-android-khorshed-5d8ee?utm_source=share&utm_medium=member_ios&utm_campaign=share_via

115 Views, 0 likes, 0 Comments

Non persistent session on not joined devices
Hi, how do I create a conditional access policy within Intune that requires a non joined device and then specifies the persistent browser session to "never persistent". As I look at the settings I am only able to set "Require Microsoft Entra hybrid joined device". Thanks Cheers, heinzelrumpel

100 Views, 0 likes, 4 Comments

Android Personal Devices enrollment in Microsoft Intune
Hi, I want to enroll Android personal devices for my employees who use their phones to access company data like teams and mails. I need that even those who are already access outlook mobile with unmanaged devices be forced to enroll them before they access my company data. I have tried the following.

- Created managed google play account
- Turned on automatic enrollment
- Turned on: Personal and corporate-owned devices with device administrator privileges
- Created a device platform restriction policy which pointed to dynamic device group
- Created a compliance policy blocking rooted devices and requiring a password to access company apps
- Created a Conditional Access policy in Entra ID which requires devices to be marked as compliant before accessing any cloud app. This policy is pointing to a dynamic device group. I had first assigned it to all users, but it didn't work out.

With the above settings, devices can enroll but even those which are not enrolled still have access to the cloud apps. How can I force those unmanaged devices not to access the company mails and teams, and then prompt them to download a company portal app and enroll their BYOD/Personal devices?

NB: I have achieved the above on iOS but Androids failed. Please advise me.

97 Views, 0 likes, 2 Comments