How to bypass re-entering mail profile password and accepting certificate

Dan 81 Reputation points
2022-04-19T14:09:28.56+00:00

Hi Team,

As we are implementing Intune for managing mobile devices, I'm stuck with one problem.

We would like to enable a combination of Conditional Access and APP Protection policy to prevent unmanaged devices to have access to Exchange Online, OneDrive, SharePoint.
When I was testing this I came across smaller issue. If user has already enrolled device and Conditional Access and APP Protection policy is applied to that user he or she needs to re-enter password ( for a mail profile that already exists) and accept some sort of certificate (I think it's from Exchange online). When for some cases it's enough if user accepts certificate, while some users have to re-enter password and accept certificate.

194259-image.png

How this can be avoided as I wouldn't like to spam more then 2000 users with re-enter password and accept certificate notifications.

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,571 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,092 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. risolis 8,701 Reputation points
    2022-04-20T03:03:32.17+00:00

    Hello @Dan

    Thanks for bringing this concern here!

    I would suggest to try using the next feature on your scenario.

    Configurable token lifetime policy only applies to mobile and desktop clients that access SharePoint Online and OneDrive for Business resources, and does not apply to web browser sessions. To manage the lifetime of web browser sessions for SharePoint Online and OneDrive for Business, use the Conditional Access session lifetime feature. Refer to the SharePoint Online blog to learn more about configuring idle session timeouts

    The URL is the one below:

    https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes

    BR,

    0 comments No comments

  2. risolis 8,701 Reputation points
    2022-04-21T04:17:40.027+00:00

    Hello @Dan

    I hope you are great!

    I am wondering if you need further assistance and if yes, we can help you to address it.

    BR,

    0 comments No comments