microsoftconnect / ms-intune-app-sdk-android

Intune App SDK for Android enables data protection features and mobile app management via Microsoft Intune

Unable to unenroll user on logout #234

Closed sandeep-kumar-eptura closed 3 weeks ago

sandeep-kumar-eptura commented 5 months ago

Intune Android App SDK Policy Enforcement Issue

Questions to Ask Before Submission

  1. Have you completed the exit criteria for each phase in the Intune App SDK for Android Integration Guide? Y
  2. Have you checked the Microsoft Intune App SDK for Android repository for similar issues? Y
  3. Are you using the latest version of the SDK? Y

Summary

I'm trying to unenroll the user on logout, but policies are still being delivered to the app.

override fun onMAMunEnrollment(upn: String, aadId: String) {
    val thread = Thread {
        try {
            MSALUtil.signOutAccount(requireContext(), aadId)
        } catch (e: MsalException) {
            LOGGER.log(Level.SEVERE, "Failed to sign out user ", e)
        } catch (e: InterruptedException) {
            LOGGER.log(Level.SEVERE, "Failed to sign out user ", e)
        }
        val primaryUser = MAMComponents.get(MAMUserInfo::class.java)?.primaryUser ?: upn
        mEnrollmentManager?.unregisterAccountForMAM(primaryUser)
    }
    thread.start()
}

Logs

2024-06-13 00:38:10.320 22440-23479 AMEnrollmentManagerImpl com.condecosoftware.condeco.develop  W  unregisterAccountForMAM called without valid OID; identity may be ambiguous.
2024-06-13 00:38:10.324 22440-23479 AMEnrollmentManagerImpl com.condecosoftware.condeco.develop  I  unregisterAccountForMAM attempting unenrollment for removed account: aOS@Eptura749.onmicrosoft.com;b9f78416-5ba0-4318-8182-9b446898e3f0
2024-06-13 00:38:10.346 22440-23479 MAMAppConfigManagerImpl com.condecosoftware.condeco.develop  I  Updated App Config cache for user User1931126298.2088628670
2024-06-13 00:38:10.346 22440-23479 MAMAppConfigManagerImpl com.condecosoftware.condeco.develop  I  Found cached app config data, returning it.
2024-06-13 00:38:10.352 22440-23479 MAMWEAccountRegistry    com.condecosoftware.condeco.develop  I  removing account aOS@Eptura749.onmicrosoft.com;b9f78416-5ba0-4318-8182-9b446898e3f0
2024-06-13 00:38:10.358 22440-23479 MAMWERetrySchedulerImpl com.condecosoftware.condeco.develop  I  removing any remaining scheduled tasks for aOS@Eptura749.onmicrosoft.com;b9f78416-5ba0-4318-8182-9b446898e3f0
2024-06-13 00:38:10.361 22440-23479 AMEnrollmentManagerImpl com.condecosoftware.condeco.develop  I  Unenrolling application for identity aOS@Eptura749.onmicrosoft.com;b9f78416-5ba0-4318-8182-9b446898e3f0, wipe reason APP_UNENROLLMENT.
2024-06-13 00:38:10.362 22440-23479 SessionDurationStore    com.condecosoftware.condeco.develop  I  Setting telemetry session [f4a63d1f-89e1-43e3-928c-8fba1c201585] start time: 639948169
2024-06-13 00:38:10.392 22440-22550 UserDataWiper           com.condecosoftware.condeco.develop  I  Call Wipe from internal for identity aOS@Eptura749.onmicrosoft.com;b9f78416-5ba0-4318-8182-9b446898e3f0, wipe reason APP_UNENROLLMENT.
2024-06-13 00:38:10.393 22440-22550 AMEnrollmentStatusCache com.condecosoftware.condeco.develop  I  MAM enrollment status found for identity aOS@Eptura749.onmicrosoft.com;<null>
2024-06-13 00:38:10.395 22440-22550 AMEnrollmentStatusCache com.condecosoftware.condeco.develop  I  Clearing MAM enrollment status for identity aOS@Eptura749.onmicrosoft.com;<null>
2024-06-13 00:38:10.401 22440-22550 AMEnrollmentStatusCache com.condecosoftware.condeco.develop  I  Clearing Company Portal required.
2024-06-13 00:38:10.406 22440-22550 MAMWEAccountRegistry    com.condecosoftware.condeco.develop  I  getAccountInfo() called for account that is not registered: aOS@Eptura749.onmicrosoft.com;b9f78416-5ba0-4318-8182-9b446898e3f0
2024-06-13 00:38:10.407 22440-22550 MAMWEAccountRegistry    com.condecosoftware.condeco.develop  I  removeAccount() called for account that is not registered: aOS@Eptura749.onmicrosoft.com;b9f78416-5ba0-4318-8182-9b446898e3f0
2024-06-13 00:38:10.408 22440-22550 WipeAppDataHelper       com.condecosoftware.condeco.develop  I  Starting a full wipe.
2024-06-13 00:38:10.417 22440-22550 TelemetryLoggerImpl     com.condecosoftware.condeco.develop  I  {"DEVICE_SDK_PREVIEW_INT":0,"CORP_TAGGED_FILES_WIPED":true,"DEVICE_SDK_INT":34,"IS_MULTI_IDENTITY_WIPE":false,"MAM_APP_ID":"com.condecosoftware.condeco.develop","SUCCEEDED":true,"MAM_APP_VERSION":"4.0.4-develop","WIPE_REASON":"APP_UNENROLLMENT","EVENT_CLASS":"com.microsoft.intune.mam.client.telemetry.events.SelectiveWipeEvent","DEVICE_BRAND":"google"}



Expectation:

Clear MAM policies on unenrollment

Observation:

Logs:

Found cached app config data, returning it.
removing account aOS@Eptura749.onmicrosoft.com;b9f78416-5ba0-4318-8182-9b446898e3f0
Unenrolling application for identity aOS@Eptura749.onmicrosoft.com;b9f78416-5ba0-4318-8182-9b446898e3f0, wipe reason APP_UNENROLLMENT.
Clearing MAM enrollment status for identity aOS@Eptura749.onmicrosoft.com;
Clearing Company Portal required.

Details

Logs

Company Portal Logs

Incident ID: DAQTFN7S For guidance, see Report a problem in Company Portal or Intune app for Android.


kanishkaBagga commented 5 months ago

We are looking into this.

sandeep-kumar-eptura commented 5 months ago

@kanishkaBagga any updates?

kanishkaBagga commented 3 months ago

@sandeep-kumar-eptura - Whenever the app adds an account, it must register the account with the SDK. Likewise, whenever the app removes an account, it should unregister that account to indicate that the app should no longer apply policy for that account. If the account was enrolled in the MAM service, the account is unenrolled and the app will be wiped.

void registerAccountForMAM(String upn, String aadId, String tenantId);
void registerAccountForMAM(String upn, String aadId, String tenantId, String authority);
void unregisterAccountForMAM(String upn, String aadId);
Result getRegisteredAccountStatus(String upn, String aadId);

To register an account for management, the app should call registerAccountForMAM(). An account is identified by both its UPN and its Microsoft Entra user ID. The tenant ID is also required to associate enrollment data with the account's Microsoft Entra tenant. The account's authority may also be provided to allow enrollment against specific sovereign clouds. The SDK may attempt to enroll the app for the given account in the MAM service; if enrollment fails, it will periodically retry enrollment until enrollment succeeds or the account is unregistered. The retry period will typically be 12-24 hours. The SDK provides the status of enrollment attempts asynchronously via notifications.

The best time to call registerAccountForMAM is after the user has signed into the app and is successfully authenticated using MSAL. The account's Microsoft Entra user ID, tenant ID and authority are returned from the MSAL authentication call. The account comes from the IAuthenticationResult.getAccount() method and contains the pertinent account information. The AAD ID (also known as Microsoft Entra ID or OID) comes from the IAccount.getId() method. The tenant ID comes from the IAccount.getTenantId() method. The authority comes from the IAccount.getAuthority() method. To unregister an account from Intune management, the app should call unregisterAccountForMAM(). If the account has been successfully enrolled and is managed, the SDK unenrolls the account and wipes its data. Periodic enrollment retries for the account will be stopped. The SDK provides the status of unenrollment requests asynchronously via notification.
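The register/unregister sequence described in the comment above, as an added example that is not the SDK's or the issue author's code; it uses the MAMEnrollmentManager methods quoted above and the IAccount getters named in the comment, and assumes the listed import paths and that IAccount.getUsername() yields the UPN.

```kotlin
// Added example (not part of the original issue or the SDK's samples).
// Assumed import paths for the MSAL and Intune SDK types.
import com.microsoft.identity.client.IAccount
import com.microsoft.identity.client.IAuthenticationResult
import com.microsoft.intune.mam.client.app.MAMComponents
import com.microsoft.intune.mam.policy.MAMEnrollmentManager

object MamAccountLifecycle {
    private val enrollmentManager: MAMEnrollmentManager? =
        MAMComponents.get(MAMEnrollmentManager::class.java)

    /** Call right after a successful MSAL sign-in, as the comment recommends. */
    fun onSignedIn(result: IAuthenticationResult): Boolean {
        val account: IAccount = result.account          // IAuthenticationResult.getAccount()
        val upn = account.username                      // assumption: username holds the UPN
        val aadId = account.id                          // IAccount.getId(): Entra user ID (OID)
        val tenantId = account.tenantId                 // IAccount.getTenantId()
        val authority = account.authority               // IAccount.getAuthority()
        val manager = enrollmentManager ?: return false
        // Four-argument overload so enrollment targets the account's own authority.
        manager.registerAccountForMAM(upn, aadId, tenantId, authority)
        return true
    }

    /**
     * Call on logout. Capture upn and aadId from the signed-in IAccount before
     * removing it from MSAL, so both identifiers are still available here.
     */
    fun onSignedOut(upn: String, aadId: String): Boolean {
        val manager = enrollmentManager ?: return false
        // Pass both identifiers: the quoted API takes (upn, aadId). Omitting the
        // AAD ID is what produces the "called without valid OID; identity may be
        // ambiguous" warning seen in the logs above.
        manager.unregisterAccountForMAM(upn, aadId)
        return true
    }

    /** Poll the current registration state for diagnostics (status is also sent asynchronously). */
    fun registrationStatus(upn: String, aadId: String): MAMEnrollmentManager.Result? =
        enrollmentManager?.getRegisteredAccountStatus(upn, aadId)
}
```

Confirm the result in logcat: after unregisterAccountForMAM with both identifiers, the AMEnrollmentManagerImpl warning about a missing OID should no longer appear before the unenrollment and wipe entries.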

kanishkaBagga commented 3 months ago

@sandeep-kumar-eptura, please let us know if this resolves your concern, and we can close the issue.