Intune and Andoid 10 : Outlook force user to set a PIN code to unlock smartphone

Valentin Pannatier 96 Reputation points
2021-06-21T12:13:38.08+00:00

Hello to all,

I use Intune to manage Android smartphones. I force for example to the users to put an unlocking screen on their phone (schema, fingerpint, pin code, at choice...)

With Android 8 and 9 everything is fine. On the other hand, I notice a problem with Android 10. When I set up an account but in the Outlook application for Android, I can't add the account without putting a minimum 4 digit PIN code to unlock my phone. Whereas with other versions of Android I can add my email account in Outlook and still have my preferred unlock screen on my phone.

Why this behavior with Android 10? (I checked all my restriction rules, and if I deactivate them all the problem remains)

Thanks in advance for your help.

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,712 questions
0 comments
Accepted answer
  1. Valentin Pannatier 96 Reputation points
    2021-06-25T06:37:20.713+00:00

    @Lu Dai-MSFT

    Thank you for your answer.

    But in the meantime I found the solution to my problem in an article from Microsoft.

    In fact, from Android 10 there are changes in the security management according to the article : "With Android 10.0 and later, Android has removed device admin functionality. Instead, apps that require a screen lock query the device's (or the work profile's) screen lock complexity using the getPasswordComplexity API. Apps that require a stronger screen lock direct the user to the system screen lock settings, allowing the user to update the security settings to become compliant. At no time is the app aware of the user's password; the app is only aware of the password complexity level. "

    https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/exchange-activesync/mobile-device-mailbox-policies

    So that's why the changes to be made are on the Exchange server and not on Intune:
    109187-image.png

    I hope this helps others.

    Regards

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lu Dai-MSFT 28,341 Reputation points
    2021-06-22T01:50:34.947+00:00

    @Valentin Pannatier Thanks for posting in our Q&A. From your description, did you mean that other versions of Android can the add email account directly, while the Android 10 device needed to enter PIN first and then we can add the email account? If there is anything misunderstanding, feel free to let us know.

    To clarify this issue, we appreciate your help to collect some information:

    1. Did you use the same user to enroll these Android devices?
    2. Please check if an App protection policy about outlook is deployed to the user that enroll the android 10 device.

    If there is anything update, feel free to let us know.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.