Microsoft Defender for Mobile app on Android doesn't allow login when "Require app protection policy" is required
I'm configuring a tiny Intune tenant and have enforced the default policy to either "Require an approved app" or "Require app protection policy" in Conditional Access policies.
In Intune, there is an app protection policy that applies to all applications.
So far, so good.
So I have approved the Defender app, set it to required for all users, and made it part of the compliance policy for Android.
What happens on my Xperia 1 VI (either during enrollment or in an existing profile) is that Defender prompts me to select a user and requires me to authenticate. After authenticating successfully, I get the following message:
You can't get there from here.
It looks like you're trying to open this resource with an app that hasn't been approved by your IT department...
This is despite the following article, which claims the following (the app ID in the troubleshooting details of the error message is exactly the one in the article below):
You can use the Microsoft Defender for Endpoint app with the approved client app policy in Intune to set the device compliance policy to Conditional Access policies. There's no exclusion required for the Microsoft Defender for Endpoint app while you're setting up Conditional Access. Although Microsoft Defender for Endpoint on Android and iOS (app ID dd47d17a-3194-4d86-bfd5-c6ae6f5651e3) isn't an approved app, it has permission to report device security posture. This permission enables the flow of compliance information to Conditional Access.
Grant controls in Conditional Access policy - Microsoft Entra ID | Microsoft Learn
If I disable "Require an approved app" condition in the Conditional Access policy, I get the following message:
You can't get there from here.
It looks like you're trying to open this resource with a client app that is not available for use with app protection policies...
I cannot make an exception for the Defender app, as it doesn't show up in the list of applications in the Conditional Access policy. Not even with Microsoft Graph: it doesn't allow adding the well-known ID of the Defender app and complains that it is an invalid application.
So is there any way to sign in to Defender on Android while requiring an approved app or an app protection policy?