Android Work profile error message saying " There are no apps currently configured on this devices that your organisation allows to open this content....

Question

I am trying to use SSO for the Udemy app in an Android work profile. During authentication, it opens the Microsoft Edge browser, but I receive an error stating: “There are no apps currently configured on this device that your organization allows to open this content.”

However, when I access the same app outside the work profile, SSO works correctly without any issues.

Answer 1

Welcome to Microsoft Q&A

Hello Irfan Hossain,

The error you are encountering is not a bug; it is the expected behavior of an Intune App Protection Policy (MAM) restricting data transfer between managed and unmanaged applications.

When you attempt to use SSO in the Udemy app within the Android Work Profile, the authentication request is handed off to Microsoft Edge. Because Edge is a "Policy managed app," it successfully processes the login. However, when Edge attempts to pass the authentication token/callback URI back to Udemy, the Intune App Protection Policy intercepts and blocks the payload.

This occurs because Udemy is an unmanaged app (it is not enlightened with the Intune SDK), and the policy applied to Edge likely has the Send org data to other apps setting restricted to "Policy managed apps" only.

To allow the SSO token to pass back to Udemy without compromising the entire organization's data transfer policy, your Intune Administrator must add a data transfer exemption for the Udemy app.

1. In the Intune Admin Center, navigate to Apps > App protection policies.
2. Select the Android policy that is currently assigned to Microsoft Edge.
3. Under the Data protection section, locate the Send org data to other apps setting.
4. Keep the primary setting as "Policy managed apps," but click on Select apps to exempt.
5. Add the Udemy Android package ID (e.g., com.udemy.android) to the exempt list and save the policy.

Image as an example;

Once the policy syncs to your device, Edge will be permitted to return the SSO payload to Udemy, completing the authentication flow.

😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!

Answer 2

The message indicates that Intune app protection policies (MAM) in the Android work profile do not allow any managed app to receive the work/school data being opened from Udemy via Microsoft Edge.

In an Android work profile, users can share or open work data only between apps that are installed in the work profile and are allowed by Intune policies. Outside the work profile, this restriction does not apply, which is why SSO works there.

To resolve this, an Intune administrator needs to:

1. Verify that Udemy and Microsoft Edge are both installed inside the Android work profile (managed Google Play) and not only in the personal profile.
2. Check the Android app protection policy (MAM) assigned to the user:
   • Ensure the policy targets Udemy (if it is MAM-enabled) and Microsoft Edge as managed apps.
   • Under data transfer settings, make sure at least one other managed app is allowed to open or receive this type of content.
3. If necessary, create or update an app protection policy so that Edge (and any other required app) is included as an allowed receiving app for work/school data.
4. After policy changes, have the user refresh policies (open Company Portal in the work profile, sync, then retry sign-in from Udemy).

If no suitable managed app can be configured to open the content, SSO via the work profile will continue to fail with this message and the organization’s Intune admin must adjust the policy design.

---

References:

• Common data transfer issues and scenarios
• Troubleshooting app protection policy user issues