
The customer configured SSO using Azure AD and it works well for the client. When logging in with the FSM Android mobile which runs on the Android Work Profile and is managed by Intune, it doesn't work. The user is able to go to the Azure AD login page and provide the password, which is accepted, but then a new dialog is prompted saying: "Are you trying to sign in to …? Only continue if you downloaded the app from a store or website that you trust". When one clicks on continue, it says: "Action Blocked: this action is not allowed by your organization."

The customer believes this happens because this is not a managed app (integrated with the Intune SDK). I think it could also be something that is configured on the Azure AD that can be changed, so it "trusts" the app and doesn't go through the whole "are you trying to sign in...". Any ideas? Integrating the App with the Intune SDK sounds like a large amount of work and could also break things.

Hi Gui,

I could imagine that some custom policies set by the customer in Azure are blocking this. They should check their Azure AD logs and/or Azure Events for more information. Eventually also something has to be changed in their Intune Work Profile.

Best regards
Roman


Thanks Roman! They do agree that this is likely a policy they have on Intune, but this is a large organisation and they will want us to make the App comply with the Intune SDK instead of changing it. I assume this will be a lot of work, would need R&D involved and might break all kinds of things. There is another option to explore which I haven't looked into: "wrapping tool" for Intune, but I am sure it also has a bunch of limitations and issues.

