The register account has failed because the Intune MAM SDK failed received a nil value for the user's account UPN.

[Jason-wonku-Ji]

Describe the bug: After logging into the account with MASL and receiving the token, I attempted to register the account using the registerAndEnrollAccount in the intune SDK. However, the following error occurs.

statusCode: IntuneMAMEnrollmentStatusCode(rawValue: 207) errorString : “The operation failed because the Intune MAM SDK failed received a nil value for the user's account UPN."

To Reproduce Steps to reproduce the behavior:

1. Login MASL
2. check token is passed.
3. try to call 'registerAndEnrollAccount'
4. See error

Expected behavior: A pop-up message indicating that security has been applied will automatically close the app, and after restarting, security will be applied.

Screenshots and logs: There are no screenshots of the problem occurring. The following error message and status code are sent.

statusCode : IntuneMAMEnrollmentStatusCode(rawValue: 207) errorString : “The operation failed because the Intune MAM SDK failed received a nil value for the user's account UPN."

Smartphone (please complete the following information):

• Device: [iPhone5th pad, ]
• OS: [ios 16.4, ios17.2] After checking on several devices, I think it is not a specific device or OS version.

Intune App SDK for iOS (please complete the following information):

• What version of the Intune SDK are you using? Are you using the latest version? 19.2.0 , 18.2.0

• What platform is your app based in (native, Xamarin based, Cordova, etc)? iOS , iPadOS

• For errors during build, does the app build without Intune SDK integration? There is no build error.

• For errors post build, does the app launch without being Intune SDK integrated?

• Who is the customer? I am trying to test through my account. (wonkuji@polarisoffice.com)

• Do you see a trend with it only being reproduced on a specific device? No

Additional context: As of now, this phenomenon is not visible on all devices. In some terminals, account registration proceeds normally and the protection policy is applied, but when testing with the same source in some other terminals, the above error message is displayed and the protection policy cannot be retrieved.

However, if you run the sample project below on a terminal that is not running and log in implemented in the project below, (https://github.com/msintuneappsdk/Chatr-Sample-Intune-iOS-App)

From then on, if you call registerAndEnrollAccount, account registration is progressing normally. After that, it continues to work fine even if I delete the app.

The guide document states that if MSAL is applied, registerAndEnrollAccount should be called after receiving the token, and if MSAL is not used, loginAndEnrollAccount should be used like Chatr-Sample-Intune-iOS-App.

And I looked for another case, and it seems to be almost identical to the case below. https://github.com/msintuneappsdk/ms-intune-app-sdk-ios/issues/412

[wangxiaoms]

Hi @Jason-wonku-Ji could you get MAM logs, you can send it to me at wangxiao@microsoft.com https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-ios-appendix#how-can-i-troubleshoot-my-app

[Jason-wonku-Ji]

@wangxiaoms Hello wangxiaoms.

I have sent mail to you. I attached also log files.

Please check it.

[Jason-wonku-Ji]

@wangxiaoms

We would like to share additional information we have confirmed.

After I added 'IntuneMAMSettings -> ADALRedirectUri' in info.plist I entered the redirec URI added by Azure, and when I called loginAndEnrollAccount, I went to the id/pw input window. However, when I enter the id/pw here, the following error occurs.

AADSTS50011: The redirect URI 'xxxx-xxx-xxxx' specified in the request does not match the redirect URIs configured for the application '6c7e8096-f593-4d72-807f-a5f86dcc9c77'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

Request Id: e56c1e33-64b3-44c2-849f-cf254ff67600 Correlation Id: 2eeda0b5-7963-4344-b96b-f940554ac671 Timestamp: 2024-04-16T11:00:55Z Message: AADSTS50011: The redirect URI 'xxxx-xxx-xxxx' specified in the request does not match the redirect URIs configured for the application '6c7e8096-f593-4d72-807f-a5f86dcc9c77'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this. Flag sign-in errors for review: Enable flagging If you plan on getting help for this problem, enable flagging and try to reproduce the error within 20 minutes. Flagged events make diagnostics available and are raised to admin attention.

[Jason-wonku-Ji]

@wangxiaoms If you want to check exact redirect URI, I will share it to you through mail. Please tell me.

[wangxiaoms]

Hi @Jason-wonku-Ji I checked logs, please follow below procedure to setup an app registration, set the ADALClientId, ADALAuthority, ADALRedirectUri properties on the IntuneMAMSettings class. https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-ios-phase2

You can find more MSAL and app registration setup details from here: https://learn.microsoft.com/en-us/entra/identity-platform/tutorial-v2-ios

As an example if the app bundle ID is com.microsoft.identitysample.MSALiOS, the redirect url is msauth.com.microsoft.identitysample.MSALiOS://auth

[rattata2023]

Hi @wangxiaoms

I am also getting this error

I have logged in with MSAL using Intune SDK 19.2.0

Getting this error with status code IntuneMAMEnrollmentStatusCode(rawValue: 207) Debug message: Optional("The operation failed because the Intune MAM SDK failed received a nil value for the user\'s account UPN.") <IntuneMAMEnrollmentStatus: 0x6000017c2040>

[wangxiaoms]

@rattata2023 could you share the MAM logs.

[Jason-wonku-Ji]

@wangxiaoms Hello wangxiaoms,

I applied your guide and added ADALClientId, ADALAuthority, and ADALRedirectUri to IntuneMAMSettings and confirmed normal operation. Thanks for the guide.

Since discussions with rattata2023 remain, the ticket will be closed at a later date.

[wangxiaoms]

@Jason-wonku-Ji Thanks for the confirmation, since problem is solved I'm closing the issue. @rattata2023 Send me MAM logs at wangxiao@microsoft.com, or you can continue post in this thread, I will have a look for you.

[rattata2023]

Here are the logs

container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled A NULL string is not a valid group container identifier. container_create_or_lookup_app_group_path_by_app_group_identifier: client sent invalid parameters container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled A NULL string is not a valid group container identifier. container_create_or_lookup_app_group_path_by_app_group_identifier: client sent invalid parameters Unsupported enumeration of _UIKeyboardWindowScene windows on non-main thread. Unsupported enumeration of UIWindowScene windows on non-main thread.

2024-04-10T11:52:54.036Z ERRO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAM611 Config file not found: Config.plist 2024-04-10T11:52:54.121Z ERRO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAM611 Is first launch 2024-04-10T11:52:54.121Z ERRO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAM611 Config file not found: NBUConfig.plist 2024-04-10T11:52:54.127Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: mhf exists: no 2024-04-10T11:52:54.184Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Hooking application delegate class: App.AppDelegate 2024-04-10T11:52:54.337Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: ActivityItemsConfigurationHooks: Hooking Capacitor.CAPBridgeViewController 2024-04-10T11:52:54.346Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: In application:willFinishLaunchingWithOptions: 2024-04-10T11:52:54.366Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Creating keychain encryption key 2024-04-10T11:52:54.416Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Created keychain encryption key 2024-04-10T11:52:54.416Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Keychain keys found: 1 2024-04-10T11:52:54.418Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Starting private keychain migration. 2024-04-10T11:52:54.419Z INFO tid=7 id=(nil),ui=(nil),io=(nil) IntuneMAM: Starting public keychain migration. 2024-04-10T11:52:54.426Z ERRO tid=7 id=(nil),ui=(nil),io=(nil) IntuneMAM: No keys found for migration. 2024-04-10T11:52:54.428Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: CMARApplicationUtils: Party status = 0 2024-04-10T11:52:54.428Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Key not found for migration CMARScrubbedBundleID.EMMUPN for migration. 2024-04-10T11:52:54.429Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Key not found for migration CMARScrubbedBundleID.DiagnosticDataOnLaunch for migration. 2024-04-10T11:52:54.430Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Key not found for migration CMARScrubbedBundleID.intune_app_protection_enrollment_id_V1 for migration. 2024-04-10T11:52:54.431Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Key not found for migration CMARScrubbedBundleID.MAMPolicies for migration. 2024-04-10T11:52:54.432Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Key not found for migration CMARScrubbedBundleID.com.microsoft.intune.mam.DontShowManagementStatement $ 2024-04-10T11:52:54.432Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Key not found for migration CMARScrubbedBundleID.private for migration. 2024-04-10T11:52:54.433Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Key not found for migration CMARScrubbedBundleID.IntuneMAMDeviceId for migration. 2024-04-10T11:52:54.434Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Key not found for migration CMARScrubbedBundleID.RequireAccounts for migration. 2024-04-10T11:52:54.438Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Completed private keychain migration. 2024-04-10T11:52:54.453Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: CMARRetryTimeCustomizeableInterval: No time interval was found for the custom interval timer, defaulti$ 2024-04-10T11:52:54.455Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMSharedCache: No Device ID found in keychain, creating new ID string object

[wangxiaoms]

Hi rattata2023 you will need to provide full log file attachment. Please make sure to follow below steps. https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-ios-phase2

You can find more MSAL and app registration setup details from here: https://learn.microsoft.com/en-us/entra/identity-platform/tutorial-v2-ios

[rattata2023]

Hi @wangxiaoms I have tried that and also added ADALClientId ADALAuthority ADALRedirectUri still, I am getting that error MSAL is working I am getting access token and account info attaching log file

IntuneMAMDiagnosticFiles.txt

[wangxiaoms]

@rattata2023 I see a few errors in log

• Access error for keychain item com.microsoft.intune.mam
• Invalid identity. Could not find AAD object id for account
• acquireToken returning with error: (MSALErrorDomain, -50000)

Did you configure the keychain groups below? https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-ios-phase3#:~:text=create%20a%20separate%20access%20group%20in%20which%20the%20Intune%20App%20SDK%20will%20store%20its%20data

Can you try the below sample app to make sure it is working, then you can compare your app configurations with it. https://github.com/msintuneappsdk/Chatr-Sample-Intune-iOS-App

[rattata2023]

@wangxiaoms MSAL is working but I am still getting this error I have also checked the Chatr app but it didn't set ADALClientID and other things I am using simulator to test

2024-05-07T05:00:21.563Z ERRO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAM611 Config file not found: Config.plist 2024-05-07T05:00:21.566Z ERRO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAM611 Is first launch 2024-05-07T05:00:21.566Z ERRO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAM611 Config file not found: NBUConfig.plist 2024-05-07T05:00:21.568Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: mhf exists: no 2024-05-07T05:00:21.609Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Hooking application delegate class: App.AppDelegate 2024-05-07T05:00:21.662Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: ActivityItemsConfigurationHooks: Hooking Capacitor.CAPBridgeViewController 2024-05-07T05:00:21.664Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: In application:willFinishLaunchingWithOptions: 2024-05-07T05:00:21.676Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Keychain keys found: 1 2024-05-07T05:00:21.689Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: CMARRetryTimeCustomizeableInterval: No time interval was found for the cu$ 2024-05-07T05:00:21.692Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMSharedCache: Loaded existing Device ID from Keychain 2024-05-07T05:00:21.692Z VERB tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMSharedCache: No primary User OID found in the keychain. DataStoreStatu$ 2024-05-07T05:00:21.693Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMSharedCache: No Device Primary User found in keychain 2024-05-07T05:00:21.693Z ERRO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMSharedCache: MAM611 No Device Primary User found in keychain: 1 2024-05-07T05:00:21.694Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMCacheManager: No MAM V3 Shared Cache found in keychain, constructing f$ 2024-05-07T05:00:21.694Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMCacheManager: No MAM V2 Shared Cache found in keychain, loading V1 cac$ 2024-05-07T05:00:21.695Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMCacheManager: No MAM Shared Cache found in keychain, creating new cach$ 2024-05-07T05:00:21.696Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: CMARMamCacheManager: Committing caches to data store 2024-05-07T05:00:21.697Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMSharedCache: Storing Device Primary User in keychain: (nil) 2024-05-07T05:00:21.697Z ERRO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMSharedCache: MAM611 Storing nil Device Primary Account ID in keychain. 2024-05-07T05:00:21.697Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: CMARMamCacheManager: Committing caches to data store 2024-05-07T05:00:21.698Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMSharedCache: Storing Device Primary User in keychain: (nil) 2024-05-07T05:00:21.698Z ERRO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAMSharedCache: MAM611 Storing nil Device Primary Account ID in keychain. 2024-05-07T05:00:21.699Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: CMARKDFuJrBWXgdHBzDDjKKa : Successfully removed all local MAM state for a$ 2024-05-07T05:00:21.701Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Assuming an MSAL version 1.2.5 or higher is linked 2024-05-07T05:00:21.701Z ERRO tid=2 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAM611 First launch resetting state or identity 2024-05-07T05:00:21.709Z INFO tid=2 id=(nil),ui=(nil),io=(nil) IntuneMAM: CMARApplicationUtils: Party status = 0 2024-05-07T05:00:21.711Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Application management state: 0x0 2024-05-07T05:00:21.711Z INFO tid=2 id=(nil),ui=(nil),io=(nil) IntuneMAM: Application management state: 0x0 2024-05-07T05:00:21.712Z VERB tid=2 id=(nil),ui=(nil),io=(nil) IntuneMAM: CMARKDFuJrBWXgdHBzDDjKKa : Successfully registered observer with name: CM$ 2024-05-07T05:00:21.714Z VERB tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Interface orientation view controller [Capacitor.CAPBridgeViewController:$ 2024-05-07T05:00:21.714Z INFO tid=6 id=(nil),ui=(nil),io=(nil) IntuneMAM: IntuneMAMTelemetry framework not included with app. 2024-05-07T05:00:21.714Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: In application:didFinishLaunchingWithOptions: 2024-05-07T05:00:21.715Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: CMARYIdVSHOmHHPhhfrEKGxL : LogCollectionRequest - Log collection handler $ 2024-05-07T05:00:21.717Z INFO tid=1 id=(nil),ui=(nil),io=(nil) IntuneMAM: Sending telemetry event for CLM initializing 2024-05-07T05:00:21.718Z INFO tid=4 id=(nil),ui=(nil),io=(nil) IntuneMAM: MAM_CHECKPOINT: Built with version: 19.2.0 (20240306.2) refs/heads/main:6$

[wangxiaoms]

Hi @rattata2023 please create a separate Github issue, provide detailed procedures, erros, and full MAM logs https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-ios-appendix#how-can-i-troubleshoot-my-app

Please do make Chatr sample app working first.