Salesforce Android Mobile App - Intune Compliance

Chris Fors 1 Reputation point
2020-07-30T17:13:35.683+00:00

I have been unable to create a configuration using Intune MDM where the Salesforce mobile App in the Android Work container is evaluated as compliance. The logs indicate that Salesforce, in their Android Mobile App, presents a browser agent string that isn't Edge, Chrome or the Intune Managed Browser. The agent string reflects Apache Cordova SDK. Thus, after enrolling the device and deploying the Salesforce App into the Android Work container, I can't use Azure Conditional Access rules to allow this Salesforce App based on device enrolment and compliance.

This is a bit of a showstopper as the Company doesn't want users to be able to use the app on devices or in a state where the mobile device policy is not applied.

I've also tried using Palo Alto GlobalProtect VPN, for a trusted IP address approach, but that runs into other significant issues including SSL errors during Azure authentication. But Intune and Salesforce have been around for years and they should have learned to play nicely by now.

Two possible solutions:

  • Microsoft provide methods to add additional browser agent strings in its Conditional Access / Intune software stack.
  • Salesforce revise their App to present a standard browser agent string.

Ideas welcome.

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,221 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Peter Daalmans 16 Reputation points
    2020-08-13T12:09:07.003+00:00

    You are right that Salesforce need to revise their app to support MSAL libraries, or maybe use the solution of Workday which allows an external browser for authentication. Which works great for Workday.

    I don't know the Salesforce app that well but is the mobile web experience via a browser not usable for the endusers?


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.