O365 shared device - Authenticator token issue because of Company portal

TM

Hello there,

I have a common issue with Company Portal stealing the token from MS Authenticator, which results in MS Authenticator being unable to register the device as a shared device.

However, I already set Authenticator as "high-priority" and "open after installation". I also placed Company Portal in the same app policy and gave it "postpone" priority, with a bunch of MS apps in between.

Still, every other device I have to fix manually by removing both apps, clearing the cache and metadata of Authenticator, and re-installing just it first.

Side note: I cannot avoid Company Portal, as it is required by my mother company's policy to run any MS stuff (Intune MAM).

Thank you in advance for your best practices.

Detail:
Enrollment type: Work managed (fully managed device in kiosk mode)
Device: Any (mainly Samsung & Zebra)
Server version: 2025.1 (MC cloud)
Android version: 15

Edited 9 days ago
Android
ANSWERS
Alin Sfiriac
8 days ago

We had similar behaviour when we were pushing MS Authenticator and CP in separate app policies.

I assume you have the managed app config for Authenticator in the app policy (enabled shared device mode, pre-fill tenant id and token registration). We had a strange issue with managed apps: some applications were not installed with managed app configs (including MS Authenticator). The only fix was to recreate the device groups again (with all profiles and policies).

Since having all MS apps in the same policy is still not working OK for you (I didn't have any more issues with this setup: Authenticator - high-priority and open after install, cportal - postponed priority, and don't open any MS apps before the device is registered), you can try to exclude cp portal from that policy, create a separate one, and apply it with a filter (ex: if Authenticator is installed).

 

Tomas Malich
8 days ago

Hi,
unfortunately, installation priority is only respected within each app policy, to my understanding.
Meaning that if I separate CP from the rest, it will be "at random" (which it kinda is even now...)

At least this is my understanding and how I had it before.