Continous Re-Authenticate Android Devices

Question

We've a problem with Applying Conditional Acces, and Android Devices.

"UserA@keyman .com" is a member of group "GroupA". GroupA has some Conditional Acces Policies

1. Restrict SharePoint
2. Block Legacy

So the What If results are

The problem is that the users of GroupA have to re-authenticate every 1 or 2 hours on a Android Device.

The Error in Azure-AD is

On iOS (Same Conditional Acces Policy) the problem does not excist.

First I thought that my ADFS infrastructure was the problem, because (test)users like userb@keyman .onmicrosoft.com doesn't have the problem.

So last week we migrated from ADFS to Passtrough Authentication. But the problem still excist.

Tried so far

• Excempt ADFS infrastructure
• Multiple Android Version (5,7,9)
• Multiple Users (@*.onmicrosoft.com accounts does not have the problem)
• iOS devices (no problems)
• Windows devices (no problems)
• Registred Android device (work profile) (Also works fine)
• Change passwords
• Contact Microsoft (Conditionial Acces policies are fine, please contact Android Outlook)

Can somebody get me in the right direction ?

Answer 1

It seems like it might be unable to check for compliance, or there might be a policy or control in place that could be causing this. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/conditions

Are you able to pull the Azure AD sign-in logs and compare the authentication attempts?