This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I've been struggling a bit with testing Conditional Access and Application Protection policies in our organization. I have been testing on Android and with two different user accounts: one with Azure AD Premium P1 and Intune, and the other without. My questions:
I'm confused because it seems like the App Protection policy gets applied sometimes when the Company Portal app is just installed and not signed into.
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 90%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 69%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERJ%3C/text%3E%3C/svg%3E)
Company portal app acts as a broker on Android devices for APP while it is the authenticator app on iOS. In case of Android you just need Company Portal installed for APP to apply. Sign-in is not required. The user will need an Intune license in order for Intune policies to apply.
Thanks. Just to clarify, for APP to apply on an iOS device, do you need the Company Portal app on it? Or does it happen automatically? OR...do you need the Company Portal app and also sign in?
This is a separate question, but I tried applying the "App PIN when device PIN is set = Not Required", but it still required the app PIN even though a device PIN was set. The device was not registered with the Company Portal app. Does it need to be enrolled into Intune for this to work?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 13%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
@Anonymous Thanks for posting in our Q&A.
The Company Portal app is required by Intune mobile application management (MAM) scenarios. On Android devices, the Authenticator app includes functions of the broker and might be used as the broker in some situations, such as when the Authenticator was installed before the Company Portal app.
https://learn.microsoft.com/en-us/mem/intune/protect/app-based-conditional-access-intune
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.