How to bypass re-entering mail profile password and accepting certificate

Dan 81 Reputation points
2022-04-19T14:09:28.56+00:00

Hi Team,

As we are implementing Intune for managing mobile devices, I'm stuck with one problem.

We would like to enable a combination of Conditional Access and App Protection policy to prevent unmanaged devices from having access to Exchange Online, OneDrive, and SharePoint.
When I was testing this I came across a smaller issue. If a user has already enrolled a device and the Conditional Access and App Protection policy is applied to that user, he or she needs to re-enter the password (for a mail profile that already exists) and accept some sort of certificate (I think it's from Exchange Online). In some cases it's enough if the user accepts the certificate, while some users have to re-enter the password and accept the certificate.

How can this be avoided, as I wouldn't like to spam more than 2000 users with re-enter password and accept certificate notifications?

Microsoft Intune
Microsoft Entra ID

2 answers

  1. risolis 8,711 Reputation points
    2022-04-20T03:03:32.17+00:00

    Hello @Dan

    Thanks for bringing this concern here!

    I would suggest trying the following feature in your scenario.

    Configurable token lifetime policy only applies to mobile and desktop clients that access SharePoint Online and OneDrive for Business resources, and does not apply to web browser sessions. To manage the lifetime of web browser sessions for SharePoint Online and OneDrive for Business, use the Conditional Access session lifetime feature. Refer to the SharePoint Online blog to learn more about configuring idle session timeouts.

    The URL is the one below:

    https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes

    BR,


  2. risolis 8,711 Reputation points
    2022-04-21T04:17:40.027+00:00

    Hello @Dan

    I hope you are great!

    I am wondering if you need further assistance; if yes, we can help you address it.

    BR,
