Forum Discussion
beedy0712 (Copper Contributor)
Dec 04, 2024
Access Issues due to supervised Device
Hello,
We have supervised (ADE) and user affinity iOS devices in our company. The users can log on to their device via their Modern Auth and the whole thing is managed with Intune.
As a company, we have access to Azure virtual clients (Win 11) hosted by our customers. If I now want to access this virtual Azure client via my supervised iPad and the iOS app Windows App, I receive the message: ‘Warning: incorrect configuration. The administrator wants the apps on this device to be managed via the ‘xxx’ account. [...] To access company data via the ‘yyy’ account, you must unregister your device from the company portal’
Is it possible to define exceptions in Intune so that I can log on to the virtual client with credentials other than those stored in the company portal?
Best regards
- Ankido (Iron Contributor)
Potential Solutions:
- Review App Protection Policies (APP):
  - Check if App Protection Policies enforce all apps to use the corporate account.
  - Modify the policy to allow exceptions for the Microsoft Remote Desktop app (or the specific app used for AVD), permitting it to use alternative accounts or exempt it from the policy.
- Set Up Conditional Access Exceptions:
  - In Azure AD Conditional Access, create a policy to exclude specific apps (like the AVD app) from requiring managed devices or corporate accounts.
- Create a Custom Profile in Intune:
  - Configure a special Device Configuration Profile in Intune to allow apps to use multiple accounts. This option may pose security risks and should align with the organization’s compliance policies.
- Use an Unmanaged Device:
  - If exceptions are not allowed by corporate policy, consider using an unmanaged device (not supervised by Intune) to access the Azure Virtual Desktop.
Please let me know if the issue is resolved
- beedy0712 (Copper Contributor)
Hello Ankido,
Thank you for replying.
Regarding APP: I don't find any options to modify the policy to allow exceptions for the Microsoft Remote Desktop app (or the specific app used for AVD), permitting it to use alternative accounts or exempt it from the policy.
- ENGlockling (Copper Contributor)
Yes, you can exclude that app from the app protection policy that is currently assigned to the identity that you're trying to sign in with. That's most likely where the restriction is coming from.
- beedy0712 (Copper Contributor)
ENGlockling But how can I exclude the app? I don't find the right option in APP.
- beedy0712 (Copper Contributor)
I guess when no one is answering, this is mission impossible... 🧗‍♂️