search

microsoftconnect / ms-intune-app-sdk-android

Intune App SDK for Android enables data protection features and mobile app management via Microsoft Intune
44 stars 18 forks source link

App Configuration policy data before sign-in? #244

Open bgore opened 1 month ago

bgore commented 1 month ago

Is there any way to retrieve an App Configuration Policy custom setting for an organization before a user signs in?

Currently our application integrates with the Intune SDK as part of the build process. New work is making API calls to the SDK for silent token acquisition. For beta testing, I would like to fetch an organization/tenant parameter from Intune at application startup to A/B test the sign in process.

I have experimented with the the MAMAppConfigManager, but that does not appear to provide any data prior to authentication.

kanishkaBagga commented 3 weeks ago

I am looking into this

bgore commented 2 weeks ago

Any update? Additionally, even trying to fetch app configuration custom parameters after a user is signed in doesn't seem to work. I am using the code fragment from: https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-android-phase6#retrieving-app-configuration-from-the-sdk

bgore commented 2 weeks ago

@kanishkaBagga , I am trying to run this as a managed app, therefore there is no Work Profile. My understanding from the documentation was that this is possible. Please correct, if I am wrong.

kanishkaBagga commented 1 week ago

@bgore - You're correct. App Configuration Policies are designed to assign configuration settings to a policy that is then applied to end users before they run the app. However, retrieving these settings before user authentication can be challenging. The MAMAppConfigManager, as you mentioned, does not provide data prior to authentication, which aligns with the typical behavior of these policies.

If you need to retrieve configuration settings before user authentication, you might consider alternative methods such as leveraging device enrollment to push configuration settings to the device, using silent token acquisition with the Intune SDK, or developing a custom API to fetch the necessary settings at application startup. These approaches can help you achieve the desired outcome while working within the constraints of the Intune SDK and App Configuration Policies.

If you have any specific error messages or logs, those could provide more clues to diagnose the issue

Also, It is possible to run a managed app without a Work Profile. This setup is typically used in scenarios where the device is enrolled in Intune, but the Work Profile is not created. Instead, the app is managed directly by Intune policies. When running a managed app without a Work Profile, ensure that the app is correctly recognized as a managed app by Intune. This involves configuring the app to comply with Conditional Access policies and ensuring that the device is compliant with Intune policies.