When setting up Intune MDM for Android Devices for a customer, we ran into the issue of Outlook Mobile requesting Device Administrator rights, when started in the Work Profile.
The Client had used the Outlook Mobile app in the personal profile without any issues. For us, this happened when using the «personally-owned work profile» on these devices, but I assume this behaviour would also appear when using any of the corporate-owned enrollment profiles.
What’s the problem?
As management over Device Administrator is already deprecated for devices with Google Mobile Services (GMS), we weren’t able to give Outlook the Device Admin rights. Which lead to the Device Administrator prompt appearing every time, Outlook Mobile was started:
user@contoso.com requires Outlook to be activated as a device administrator to ensure that security requirements are met for your account.
When trying to activate, we were forwarded to the «Settings» app, where we had to confirm and enter the PIN/Biometric verification. On the next start of the Outlook Mobile app, the message appeared again.
What’s the solution?
Old M365 Tenants that possibly also migrated from Exchange On-Prem to Exchange Online have an active «Mobile device mailbox policy» in the Exchange Online admin Center. If the «Require a mobile device mailbox password» box is checked, the Device Admin message is triggered:
Why this policy does not apply to personal profiles, we do not know.
Sources:
Schreiben Sie einen Kommentar