We've a problem with Applying Conditional Acces, and Android Devices.
"UserA@keyman .com" is a member of group "GroupA". GroupA has some Conditional Acces Policies
- Restrict SharePoint
- Block Legacy
So the What If results are
The problem is that the users of GroupA have to re-authenticate every 1 or 2 hours on a Android Device.
The Error in Azure-AD is
On iOS (Same Conditional Acces Policy) the problem does not excist.
First I thought that my ADFS infrastructure was the problem, because (test)users like userb@keyman .onmicrosoft.com doesn't have the problem.
So last week we migrated from ADFS to Passtrough Authentication. But the problem still excist.
Tried so far
- Excempt ADFS infrastructure
- Multiple Android Version (5,7,9)
- Multiple Users (@*.onmicrosoft.com accounts does not have the problem)
- iOS devices (no problems)
- Windows devices (no problems)
- Registred Android device (work profile) (Also works fine)
- Change passwords
- Contact Microsoft (Conditionial Acces policies are fine, please contact Android Outlook)
Can somebody get me in the right direction ?
Has the device been enrolled with In-Tune ?
When you are using Bluemail from the device, you are ideally making a browser /authentication call.
The device's are NOT enrolled in Intune. This is a byod scenario.
The Company Owned devices (who are enrolled in Intune) does not have the problem.
Bluemail does the excact same login screens as Outlook both ModernAuthentication
I've test 2 new scenarios.
Created the CA policy's on a other Azure AD tenant. Result = Same Problem
Created the CA policy's on a other Azure AD tenant which has only password hash sync. Result = This work''s fine
Sign in to comment