iOS Webkit 'WKWebView' is not supported to access the Sharepoint resources due to Intune managed device.

Anonymous
2023-03-31T09:15:36.4533333+00:00

I have a fully developed iOS application listed on the Appstore, in this application, we are accessing the Organisation Sharepoint sites and loading them to WKWebView (Apple iOS Webkit framework) it was working fine. after the Organisation added the Intune Conditional Access policy to iOS-managed devices, the iOS application has worked stopped. Now when we are trying to access the Sharepoint data in WKWebView we get the error "You can not access the resource from this browser please use Safari or Edge browser".

Now the problem is, the Safari browser works as a separate browser, always loads outside the app and we can not customise the frame of that. that's why we can not use the Safari browser in our app. Moreover, Apple doesn't support to use of the Edge browser in iOS development (we can install and use the Edge browser on iPhone but can not use it in development).

I have also noticed in Microsoft Official Sharepoint iOS application, they are still using the Webkit for loading the Sharepoint sites. when I logged in to the app on an unmanaged device I am getting the same problem in the Sharepoint app too. (screenshot attached) but when I tried on the managed device it was working and loading all the content in the Webkit browser.

How can we come up with a solution for this, any help can save my day.
Thanks in advance!

Sharepoint app

Below screenshot from Intune portal for the activity log details when we try to login in Webkit from our iOS app.
Screenshot 2023-03-31 at 2.40.03 PM

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,916 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,793 questions
Microsoft Intune iOS
Microsoft Intune iOS
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.iOS: An Apple mobile operating system.
190 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,747 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,768 questions
{count} votes

1 answer

Sort by: Most helpful
  1. D R 0 Reputation points
    2023-05-04T14:04:28.9966667+00:00

    I'm in corporate IT with my company, and we have this same issue regarding mobile apps that use SSO for authentication. When we initially rolled out Intune we had some key apps (SAP, SFDC, ...) that utilized SSO on the desktop, also working on their mobile app counterparts for Android and iOS. At that time SSO login for mobile apps worked fine.

    Recently we've been getting complaints about failed from these mobile apps logins. I've had a case open with MSS for a couple weeks now. The mobile app calls a webview to handle the SSO authentication. The webview always appears to be Mobile Safari (default browser setting in the OS makes no difference). Mobile Safari is unable to pull any of the Intune device information (DeviceID) so the Conditional Access policy can't determine if the device is Complaint. The webview also isn't showing as the app that called it. So if I try to exclude one of the affected apps (say SFDC) from the CA policy, it still fails because the webview doesnt identify itself as SFDC.

    Mind you some devices are still successfully gaining access via these mobile apps. There is no pattern discernable on which Android/iOS are successful vs the CA policy, and which fail. MS says this isn't officially supported ... even if it was working fine for 2 yrs. I've tried every trick I know of, but I'm stuck. If we can't force the webview to use Edge for the SSO auth, this may never work as expected for ALL mobile users again.

    0 comments No comments