Microsoft Intune issue is rendering Samsung work phones unusable
Your Samsung work phone may stop performing its duties after a problematic update to Microsoft Intune. Two days ago, business users started to report that their Samsung work phones were unable to access corporate networks.
As it turns out, a flaw inside the Microsoft Intune software is the culprit, rendering the Samsung phones unusable and “non-compliant.” In effect, people are locked out of their work environments and can’t do their job.
Microsoft Intune is a cloud-based platform for the administration of work devices, especially smartphones and smartphone applications. When devices are enrolled and managed in Intune, administrators can:
It appears that the issue manifests itself on Samsung phones running Android 9 or later, and it’s happening after an automatic restart or after a managed update. Microsoft acknowledged the problem in a blog post, stating that:
“We are aware of an issue where some Samsung devices show as non-compliant after an automatic restart or after a managed update is applied. This could potentially affect access to corporate resources, depending on the Conditional Access policies set by the IT administrator. We are working to resolve this issue with Samsung, but in the meantime, we wanted to give you more information and workaround instructions to help you bring devices back into compliance.”
There are two ways to do this. For Samsung phones with Android Device administrators (DA) follow these steps:
For Android Enterprise fully managed Samsung devices you need to do the following:
Microsoft says that the company is working to resolve the issue but at the time of writing this article, there’s no official patch or solution, aside from the aforementioned workarounds.
As it turns out, a flaw inside the Microsoft Intune software is the culprit, rendering the Samsung phones unusable and “non-compliant.” In effect, people are locked out of their work environments and can’t do their job.
What is Microsoft Intune?
Microsoft Intune is a cloud-based platform for the administration of work devices, especially smartphones and smartphone applications. When devices are enrolled and managed in Intune, administrators can:
- See the devices enrolled and get an inventory of devices accessing organization resources.
- Configure devices, so they meet your security and health standards. For example, you probably want to block jailbroken devices.
- Push certificates to devices so users can easily access your Wi-Fi network or use a VPN to connect to your network.
- See reports on users and devices compliance.
- Remove organization data if a device is lost, stolen, or not used anymore.
Microsoft Intune issue
It appears that the issue manifests itself on Samsung phones running Android 9 or later, and it’s happening after an automatic restart or after a managed update. Microsoft acknowledged the problem in a blog post, stating that:
The issue is affecting Samsung phones with Android device administrator (DA) management or Android Enterprise personally-owned work profiles but there are workarounds to make these devices compliant again in Microsoft Intune.
How to fix the Microsoft Intune non-compliance problem?
According to Microsoft, a manual sync will alleviate the issue. "A manual sync forces your device to connect with Intune to get the latest updates, requirements, and communications from your organization. Company Portal regularly syncs devices as long as you're connected to Wi-Fi. If you've been disconnected from Wi-Fi for an extended period of time, you can use the manual sync feature to get any policies and updates you missed," reads the description on the official blog.
There are two ways to do this. For Samsung phones with Android Device administrators (DA) follow these steps:
- Unlock your Samsung work phone
- Launch Company Portal
- Sign in to the Company Portal app.
- Tap the menu.
- Tap Settings.
- Scroll down to Management Policy and tap Sync.
- Wait while Company Portal syncs your device. When complete, the screen will show the timestamp of the last successful sync.
- After the successful sync, the phone should be again compliant with Intune
For Android Enterprise fully managed Samsung devices you need to do the following:
- Unlock your Samsung work phone
- Launch the Device Policy Controller app
- Tap the menu.
- Tap Settings.
- Scroll down to Management Policy and tap Sync.
- After the successful sync, the phone should be again compliant with Intune
Microsoft says that the company is working to resolve the issue but at the time of writing this article, there’s no official patch or solution, aside from the aforementioned workarounds.
You may also like:
Things that are NOT allowed: