Continous Re-Authenticate Android Devices

Sjoerd Derks 1 Reputation point
2019-12-02T12:16:49.527+00:00

We've a problem with Applying Conditional Acces, and Android Devices.

"UserA@keyman .com" is a member of group "GroupA". GroupA has some Conditional Acces Policies

  1. Restrict SharePoint
  2. Block Legacy

So the What If results are

alt text

The problem is that the users of GroupA have to re-authenticate every 1 or 2 hours on a Android Device.

The Error in Azure-AD is

alt text

On iOS (Same Conditional Acces Policy) the problem does not excist.

First I thought that my ADFS infrastructure was the problem, because (test)users like userb@keyman .onmicrosoft.com doesn't have the problem.

So last week we migrated from ADFS to Passtrough Authentication. But the problem still excist.

Tried so far

  • Excempt ADFS infrastructure
  • Multiple Android Version (5,7,9)
  • Multiple Users (@*.onmicrosoft.com accounts does not have the problem)
  • iOS devices (no problems)
  • Windows devices (no problems)
  • Registred Android device (work profile) (Also works fine)
  • Change passwords
  • Contact Microsoft (Conditionial Acces policies are fine, please contact Android Outlook)

Can somebody get me in the right direction ?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,456 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2019-12-11T01:41:02.31+00:00

    It seems like it might be unable to check for compliance, or there might be a policy or control in place that could be causing this. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/conditions

    Are you able to pull the Azure AD sign-in logs and compare the authentication attempts?

    0 comments