Share via

Unable to add MFA-enabled work email to Android Outlook app

Pedro K 1 Reputation point
2021-01-17T15:59:45.097+00:00

Hi,

I am trying to add my O365 work email account to the Outlook app of an Android device I have and it’s not working. I am using Multifactor authentication. I get an error ‘This account can’t be added because you need to install Intune Company Portal’. It fades away and then Outlook app closes. Try again and the same thing happens. And so on.

Company Portal is installed despite what the error says. I have seen this error on Android devices throughout the estate (there aren’t many), but it’s not consistent. I have successfully added MFA-enabled work accounts to Androids before, including my own Samsung Galaxy last year (failed at some point and I couldn't re-add ; would get this same error). I want to lick this problem once and for all. I have zero issues with iPhones.

I should note that I’m using Android 9 on a Moto G6, and the latest Outlook app. But that doesn’t matter. It has been happening for a while now on multiple devices.
I have tried uninstalling and reinstalling the Company portal app. Same with Microsoft Authenticator and Outlook app. I have tried installing them in different sequence. I have tried removing all old/stale work profiles and devices from Azure AD and Microsoft Endpoint Manager and starting from scratch. Doesn’t work.

Steps taken: I launch the Company Portal app (padlock company version). My Work profile and device are registered and ‘in compliance’ (work profile also showing in Android Settings > Accounts. I launch Microsoft Authenticator and verify that my work account is added and working. I launch Outlook app and try adding the account. Error every time upon submitting email address. Microsoft Endpoint Manager doesn’t show any enrollment failures under my account.

I would greatly appreciate any assistance you can provide.
Thanks

Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
5,072 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,320 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 46,271 Reputation points Microsoft Vendor
    2021-01-18T02:20:07.067+00:00

    @Pedro K , From your description, I find our issue is when add O365 account, an error "The account can't be added because you need to install Intune Company Portal" on Andorid device. On Iphone device it is working. Also, for the compliant Android device, it also get error when add Office 365 account.If there's any misunderstanding, feel free to let us know.

    For our issue, I guess one possible cause can be that conditional access policy is configured which may cause our issue.

    Here, we suggest to collect the following information to clarify:

    1. Please check if there's any Conditional access policy is configured and assigned to the user group which include our user? If yes, please get screen shots of the detailed settings.
      57435-image.png
    2. Check the Sign ins report for the affected user we test and see if the access failure has recorded here and get the details of the failure.

    57481-image.png
    Please check the above information and if there's any update, feel free to let us know.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Pedro K 1 Reputation point
    2021-01-18T23:50:44.37+00:00

    Hi,

    Thanks for writing back. I checked the Sign-ins report after just having tried it again (unsuccessfully) and there is nothing in there! I searched under User sign-ins (interactive) and User sign-ins (non-interactive). Nothing comes up under my user ID. So if it a result of a conditional access policy, it does not lead to a login block.

    I did look under conditional access policies. We have quite a few enabled. Unfortunately, the consultants who set this all up have left the company (pandemic crushed our staff) so I don't know what each of these do. But if it was a conditional access policy blocking me, wouldn't I see this on the sign ins report?

    57854-image.png

  3. Pedro K 1 Reputation point
    2021-01-19T15:57:00.743+00:00

    Hi,

    I believe this CA is a Mac-only policy. See image below. There is a user group assigned to it called 365_MacOS_approved_users. Under Conditions, the Device platform selected is MacOS only. If this were the cause, wouldn't I see that in the Sign in logs? Wouldn't it say that login failed due to a conditional policy? But I do not see a failed login.

    I'm not sure what you mean when you ask "Could you check what is the error when add the account"? The error is the same one I have always gotten which is "The account can't be added because you need to install Intune Company Portal". This happens when I try to add the O365 account on the Outlook app.

    I should tell you that we do have a bunch of devices working on Android. We have other devices that cannot use Android (they get this exact error) even though they are enrolled and compliant. Even on this one device, I was able to get it working a couple of weeks ago (after 20 different attempts of uninstalling, reinstalling and modifying settings). I thought I had the problem solved. I removed all apps and all entries from AAD and InTune. Started fresh. No luck. I have tried so many things but it keeps failing. That's why I want to solve this once and for all.

    Thanks for your help

    58243-image.png