Forum Discussion
Can't access Intune Company Portal from Android device after enabling Phishing resistant MFA
HI,
Since I enabled Phishing resistant MFA in my tenant, I have been unable to access the company portal on my android phone. Login starts the auth process, but the app keeps telling me that it doesn't support pass keys.
If this is the case, is the way that I can exclude the app from my CA policy to allow me to install apps that I have made available to the device?
Kind Rgds
Lee
Take this:
- Sign in to the Microsoft Entra Admin Center:
- Navigate to Security > Conditional Access.
- Modify the Conditional Access Policy:
- Select the policy that enforces phishing-resistant MFA.
- Under Assignments, go to Cloud apps or actions.
- Choose Exclude and add the Intune Company Portal app to the exclusion list.
- Save the Changes:
- Once you've excluded the app, save the policy.
- Sign in to the Microsoft Entra Admin Center:
Phishing-resistant MFA strength allows the following combinations:
- Windows Hello for Business
- Or
- FIDO2 security key
- Or
- Microsoft Entra certificate-based authentication (Multifactor)
If you don't one of those setup. You being prompted for Passkey is expected.
Ensure that your devices are prepared for phishing-resistant passwordless by patching to the latest supported versions of each operating system. Microsoft recommends your devices are running these versions at a minimum:
- Windows 10 22H2 (for Windows Hello for Business)
- Windows 11 22H2 (for the best user experience when using passkeys)
- macOS 13 Ventura
- iOS 17
- Android 14
If your Android Device is lower than 14, then you can't create passkeys.
