Thank you for providing details on the ask. As you mentioned, your app is using WebView to authenticate the user through Azure AD. There would be the following reasons for it on an Android device:
- Your application is not integrated with Microsoft broker apps.
- On Android, the Microsoft Authentication Broker is a component that's included in the Microsoft Authenticator and Intune Company Portal apps.
- Integrating with a broker provides the following benefits:
  - Device SSO
  - Conditional Access for: Intune App Protection, Device Registration (Join Type), MDM state (Managed)
  - Device-wide Account Management via Android AccountManager & Account Settings, and "Work Account" (custom account type)
- As for WebView:
When using the in-app WebView, the user signs in directly to the app. The tokens are kept inside the sandbox of the app and aren't available outside the app's cookie jar. As a result, the user can't have SSO experience across applications unless the apps integrate with the Authenticator or Company Portal.
Suggestion: Kindly follow "Enable cross-app SSO on Android using MSAL" for integrating your app with the Microsoft Authentication Broker.
- If the above condition is met, then the other issue could be that the application is running outside the work profile after being enrolled in Intune.
- When the application is signed in within the work profile container on an Android device, it authenticates via the broker application, hence device information (device ID, join type etc.) is ingested through the session.
On Azure AD, device information is ingested:
- When the application is signed in outside the work profile container on an Android device, it does not use the broker app for authentication, hence device information (device ID, join type etc.) is not ingested through the session.
Please do let me know if you have any further queries in the comments section.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.
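The broker integration the answer above recommends, as an added example that is not part of the original answer or of Microsoft's own sample code: a minimal MSAL for Android single-account flow configured so that sign-in is handed to the Microsoft Authentication Broker (Authenticator or Company Portal) instead of an in-app WebView. It assumes the MSAL Android library (`com.microsoft.identity.client`), a hypothetical package name `com.example.brokerdemo`, and an `auth_config_single_account.json` in `res/raw` whose contents are shown in the leading comment with placeholder values. The two settings that matter for brokered authentication are `"broker_redirect_uri_registered": true` (the `msauth://<package>/<signature-hash>` redirect URI must also be registered on the app registration) and `"authorization_user_agent": "DEFAULT"`, which lets MSAL use the broker when it is installed and fall back to the system browser, not WebView, otherwise.

```java
// Added example, not from the original answer. Assumed res/raw/auth_config_single_account.json
// (placeholder values; the signature hash and IDs come from your own app registration):
// {
//   "client_id": "<your-app-registration-client-id>",
//   "authorization_user_agent": "DEFAULT",
//   "redirect_uri": "msauth://com.example.brokerdemo/<url-encoded-signature-hash>",
//   "broker_redirect_uri_registered": true,
//   "account_mode": "SINGLE",
//   "authorities": [
//     { "type": "AAD", "audience": { "type": "AzureADMyOrg", "tenant_id": "<tenant-id>" } }
//   ]
// }
package com.example.brokerdemo; // hypothetical package name

import android.app.Activity;
import android.util.Log;

import com.microsoft.identity.client.AuthenticationCallback;
import com.microsoft.identity.client.IAccount;
import com.microsoft.identity.client.IAuthenticationResult;
import com.microsoft.identity.client.IPublicClientApplication;
import com.microsoft.identity.client.ISingleAccountPublicClientApplication;
import com.microsoft.identity.client.PublicClientApplication;
import com.microsoft.identity.client.SilentAuthenticationCallback;
import com.microsoft.identity.client.exception.MsalException;

public final class BrokerSignIn {
    private static final String TAG = "BrokerSignIn";
    private static final String[] SCOPES = {"User.Read"};

    private ISingleAccountPublicClientApplication app;

    /** Build the client. MSAL reads the broker settings from the raw JSON config above. */
    public void init(final Activity activity) {
        PublicClientApplication.createSingleAccountPublicClientApplication(
                activity.getApplicationContext(),
                R.raw.auth_config_single_account,
                new IPublicClientApplication.ISingleAccountApplicationCreatedListener() {
                    @Override
                    public void onCreated(ISingleAccountPublicClientApplication application) {
                        app = application;
                        signInInteractive(activity);
                    }

                    @Override
                    public void onError(MsalException exception) {
                        Log.e(TAG, "MSAL init failed: " + exception.getErrorCode(), exception);
                    }
                });
    }

    /**
     * Interactive sign-in. With the broker installed and the redirect URI registered, this
     * launches Authenticator/Company Portal rather than a WebView inside this app.
     */
    private void signInInteractive(Activity activity) {
        app.signIn(activity, /* loginHint */ null, SCOPES, new AuthenticationCallback() {
            @Override
            public void onSuccess(IAuthenticationResult result) {
                IAccount account = result.getAccount();
                Log.i(TAG, "Signed in as " + account.getUsername());
                // The session now lives in the broker, so other broker-enabled apps on the
                // device can reuse it silently (cross-app SSO) and Conditional Access sees
                // the device registration state.
            }

            @Override
            public void onError(MsalException exception) {
                Log.e(TAG, "Sign-in failed: " + exception.getErrorCode(), exception);
            }

            @Override
            public void onCancel() {
                Log.w(TAG, "User cancelled sign-in");
            }
        });
    }

    /** Later calls: silent acquisition through the broker, with no WebView prompt. */
    public void acquireTokenSilently(String authority) {
        app.acquireTokenSilentAsync(SCOPES, authority, new SilentAuthenticationCallback() {
            @Override
            public void onSuccess(IAuthenticationResult result) {
                Log.i(TAG, "Silent token acquired; expires " + result.getExpiresOn());
            }

            @Override
            public void onError(MsalException exception) {
                // Typically MsalUiRequiredException: fall back to signInInteractive.
                Log.e(TAG, "Silent acquisition failed: " + exception.getErrorCode(), exception);
            }
        });
    }
}
```

The `authority` passed to `acquireTokenSilentAsync` is the one from the config (for example `https://login.microsoftonline.com/<tenant-id>`). A quick check that the broker path is actually taken: with Authenticator or Company Portal installed and the app running inside the work profile, sign-in should open that app rather than an embedded web page, and the resulting sign-in in Azure AD should carry the device ID and join type, which is exactly the device information the answer above says is missing when the app runs outside the work profile.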