microsoftconnect/ms-intune-app-sdk-android

Getting "you can't get there from here" error

Closed this issue · 8 comments

Intune Android App SDK Policy Enforcement Issue

Questions to Ask Before Submission

  1. Have you completed the exit criteria for each phase in the Intune App SDK for Android Integration Guide? Yes
  2. Have you checked the Microsoft Intune App SDK for Android repository for similar issues? Yes
  3. Are you using the latest version of the SDK? Yes

Summary

When conditional access is applied to the app in Azure, trying to log in via the Android app gives this error.

Error

Each phase of the Intune App SDK for Android Integration Guide outlines specific exit criteria for proceeding to subsequent phases.

Please reference the specific exit criteria scenario that is failing.

Repro Steps

Please provide concrete steps to reproduce the issue you are encountering.

  1. Created a tenant in Azure
  2. Assigned conditional access to all the users.
image
  3. Didn't assign an approved browser to the user, and am getting the above error.
    We don't want to assign all the users to have the Edge browser as an approved app.

Expectation:

Observation:

Details

  • Intune Android App SDK Version:
  • Android Device Make and Model:
  • Android Device OS Version:
  • Android Studio Version:

Logs

Company Portal Logs

Incident ID:

For guidance, see Report a problem in Company Portal or Intune app for Android.

Screenshots and Recordings

If screenshots and/or recordings would help explain the behavior, please include them here.

AndroidX Dependencies

If your app includes any AndroidX libraries, please list them here, along with the version info:

  • NA

Third-Party Library Dependencies

If your app includes any third-party libraries, please list them here, along with the version info:

  • NA

Hi @rashidkhan2487, thanks for reaching out. Could you please fill in the needed information on this bug template? More specifically, the repro steps including the Conditional Access policy details, and the Company Portal Logs?

@boyzhang-msft I am not sure how to get the Company Portal log, but I updated the repro steps.

@rashidkhan2487 thank you, I will take a look at the added steps. Here is some documentation on getting company portal logs, after clicking "send logs" please reply here with the given incident ID - https://learn.microsoft.com/en-us/mem/intune/user-help/send-logs-to-your-it-admin-by-email-android#send-logs-from-company-portal

Also as was asked above, could you include the details of what policies you are setting when you are creating the conditional access policy? All I see above is a screenshot of our documentation.
Double-checking as well: have you successfully gone through the section of our integration guide on supporting Conditional Access, and completed that section's exit criteria? https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-android-phase7#support-app-protection-ca

@mcsimons Attached is the log that I fetched from my device. I applied the "Required Approved Client app" policy for the users.
Log.zip

I am double-checking the exit criteria and will update on that soon.

@mcsimons I have checked the exit criteria and it has been successfully completed.

@rashidkhan2487 Please note that to support the Conditional Access grant “require app protection policy” there is some work needed to be completed by the app. Has the team done the work to handle this scenario? Here’s the basic info:
i. The following are the key requirements from apps to support App Protection CA.

  1. Integrate the Intune SDK
  2. Use MSAL SDK for all authentication flows with Azure Active Directory. There is a requirement to use the MSAL library to connect to the resource that’s protected by conditional access (for the “require app protection policy” grant)
  3. Follow the development documents for managing error conditions for the app enrollment flow
    a. Android documentation
    b. iOS documentation
    There are a few key things in the instructions linked above.
    a) Your app needs to declare that it supports this CA grant. Specific details here
    b) Once you’ve declared your support, you will start to get an error message back. When you receive this, you’ll call a remediate API in our SDK. This is all outlined in the documentation above.

Closing this issue out due to inactivity. If there are still issues after following the steps provided by c-demello above, please open a new issue. Thanks.