This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We've a problem with Applying Conditional Acces, and Android Devices.
"UserA@keyman .com" is a member of group "GroupA". GroupA has some Conditional Acces Policies
So the What If results are
The problem is that the users of GroupA have to re-authenticate every 1 or 2 hours on a Android Device.
The Error in Azure-AD is
On iOS (Same Conditional Acces Policy) the problem does not excist.
First I thought that my ADFS infrastructure was the problem, because (test)users like userb@keyman .onmicrosoft.com doesn't have the problem.
So last week we migrated from ADFS to Passtrough Authentication. But the problem still excist.
Tried so far
Can somebody get me in the right direction ?
Update when I use Bluemail on the same device with the same user. The problem does not excist.
It seems like it might be unable to check for compliance, or there might be a policy or control in place that could be causing this. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/conditions
Are you able to pull the Azure AD sign-in logs and compare the authentication attempts?
@Sjoerd
Has the device been enrolled with In-Tune ?
When you are using Bluemail from the device, you are ideally making a browser /authentication call.
The device's are NOT enrolled in Intune. This is a byod scenario.
The Company Owned devices (who are enrolled in Intune) does not have the problem.
Bluemail does the excact same login screens as Outlook both ModernAuthentication
I've test 2 new scenarios.
Created the CA policy's on a other Azure AD tenant. Result = Same Problem
Created the CA policy's on a other Azure AD tenant which has only password hash sync. Result = This work''s fine
Sign in to comment