This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 85%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDK%3C/text%3E%3C/svg%3E)
Hello,
Let me explain the situation. We have Android Enterprise - BYOD enrollments. We have conditional access in place which allows access on Microsoft only through Approved Apps.
We have an application called Dataminr Pulse and there is an SSO with our AzureAD. DAtaminr Pulse is published through Managed PlayStore. User downloads it, enter the company mail and federation site is opening. Write down the credentials, MFA prompt for authentication and then pop-up is appearing that Login is not allowed and should use Edge instead.
This is happening because, authentication process is based to Chrome which is also installed.
So I have 2 questions:
Regards,
Dimitris
Hello, Android WebView or Chrome cannot pass the require protected app condition. The solution is on the developer plate. To my knowledge, Android WebView relies on Chrome and changing the default brower to Edge won't fix the problem. The most straighforward solution will be to create a new policy that your device/application can comply. E.g. Require device to be marked as compliant.
Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Dimitrios Koliopanos Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.
Hello,
Yes it's clear. I also raised the same under Azure AD support and @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA is helping me. thus this can be considered closed.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Dimitrios Koliopanos, Thanks for posting in Q&A.
Based on my research, I didn't find the app configuration key for Dataminr Pulse. To double confirm if there's any app configuration key on the app to change the SSO from chrome to Edge, please contact Dataminr Pulse support to see if they design this.
Meanwhile, if we set Microsoft Edge as Default Browser on Android, will the SSO use Edge instead of Chrome?
Note: Non-Microsoft link, just for the reference.
Please check the above information and if there's any update, feel free to let us know.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Unfortunatelly it doesn't work. Chrome is by default installed as we are talking about Android Enterpise enrollment. I cannot uninstall it but tried to disable it. It tried to open it again and came up with error.
I think, as I am not an App developer, that it uses webview to proceed with SSO login and this is why it fails. Since we have CA in place to allow login only from Approved apps and Chrome is not considered as approved app.
@Dimitrios Koliopanos, Thanks for the reply. Based on my test, we can disable chrome on Android Enterprise device. by touching the google chrome app and choose disable. You can try and see if it can stop using chrome in your situation.
@Crystal-MSFT Thank you for your comment. I tried it also,but it came up with an error. Application is using webview to do the SSO, which loads Chrome in background. It shows a notification "Running in Chrome". I excluded myself from the ConditionalAccess All CloudApps->Approved Apps and the SSO worked, obviously. Thus, a possible solution could be either a generic configuration which force the authentication to be done on Edge, either the upon login a prompt to be appeared in which browser the process should take place.
@Dimitrios Koliopanos, Thanks for the reply. Based on my research, I find there are configuration file to configure the authorization agent to use default browser. Here is a link with more details:
https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-android-single-sign-on
Not sure if it can help on your situation, You can contact Azure AD support to double confirm on this.
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/how-to-get-support
Thank you for your prompt reply @Crystal-MSFT . If I understood it well, app developer specifies where the MSAL authentication will take place. Webview or browser depending on the value specified. However it's not something that I can do, so I was wondering if somehow I can "drive" the authorization to take place on browser from Endpoint side. Keep in mind that's a public app and shared across the world, so a change on the configuration file of the application is a little bit difficult.
@Dimitrios Koliopanos, Thanks for the reply. I fully understand your feeling. But after my research, I didn't Intune side has this feature. Maybe you can contact AAD support to see if SSO side can give any more help.
Thank you for your reply. I will try my luck with AAD support and hope to find a resolution.
Regards,
Dimitris