Intune MAM Policy - Third party app login gets blocked

Wesley Baeyens
2025-11-13T07:15:01.1+00:00

Hi,

We have had MAM policies in place for a few months now, but recently we have had some complaints about a scenario we didn't cover during our pilot rollout.

I will try to explain what happens: a third-party app on the mobile devices (nothing to do with Office 365 apps, and in theory not included in the policy) does a login authentication via the browser when it is opened for the first time. Some of the users have Edge as their default browser and have their corporate account as a profile in that browser. I think that the MAM policy kicks in here and doesn't send the login token back to the third-party app (because of the Edge browser, which counts as an Office 365 app included in the MAM). So the user cannot log in to the third-party app, which has nothing to do with any corporate data or Office 365 application, unless they swap to a different default browser.

This was our initial policy:

- Prevent backups: Block
- Send org data to other apps: Policy managed apps
- Save copies of org data: Block

I already tried to exempt Edge and Authenticator by trying the following policy, but with no luck:

- Prevent backups: Block
- Send org data to other apps: Policy managed apps
- Select apps to exempt:
  - Microsoft Edge: com.microsoft.emmx
  - Microsoft Authenticator: com.azure.authenticator
- Save copies of org data: Block

Does anyone else have any ideas what the main solution would be? We cannot start exempting all the apps that authenticate this way, and we cannot just tell all the users to stop using the Edge browser. In the end, these are still their personal devices, and they are using a third-party app that has nothing to do with the company.

Thanks already for any feedback.

Greetings

Moved from: Microsoft Edge | Other | Android

Microsoft Security | Intune | Microsoft Intune Android

1 answer

  1. Q&A Assist
    2025-11-13T07:15:32.82+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    It sounds like you're encountering issues with your Intune MAM policies affecting third-party app authentication when using Microsoft Edge as the default browser. Since Edge is considered a managed app under your MAM policies, it may indeed be blocking the authentication tokens from being sent back to the third-party app.

    Here are a few suggestions to address this issue:

    1. Review MAM Policy Settings: Ensure that your MAM policy settings are correctly configured to allow for third-party app authentication. You might need to adjust the settings related to data sharing between managed and unmanaged apps.
    2. Exempt Specific Apps: While you mentioned trying to exempt Edge and Authenticator, consider reviewing the specific app identifiers and ensuring that they are correctly entered. You may also want to check if there are additional settings that need to be configured for third-party apps that use web authentication.
    3. User Education: While it may not be ideal, educating users on the need to switch to a different browser for specific third-party app logins could be a temporary workaround until a more permanent solution is found.
    4. Feedback to Microsoft: If this issue persists, consider reaching out to Microsoft support for further assistance. They may have insights or updates regarding known issues with MAM policies and Edge that could help resolve your situation.
    5. Testing with Other Browsers: Encourage users to test the authentication process with other browsers to confirm that the issue is specifically related to Edge and the MAM policies.

    By refining your MAM policy and possibly adjusting the exemptions, you may be able to resolve the login issues without needing to ask users to change their default browser permanently.

