How to Enable Intune Company Portal Browser Access for Conditional Access Enabled Web apps, Endpoint Manager? I have been testing and developing a solution for Android device management with Intune. Those Android for Work learning experience has been shared in my previous posts here.
In this post, we will see and learn how to enable Intune Company Portal Browser Access for Android devices. What is the need for enabling company portal browser access? To put it in simple words, if your organization is using Azure AD Conditional Access (CA) enabled internal web applications, then we need to enable the Company portal browser access option.
How to enable Intune Company Portal Browser Access
- Open the Company Portal app.
- Go to the Settings page from the ellipsis (…) or hardware menu button.
- Press the Enable Browser Access button.
The above video recording gives you the same user experience when you have CA access enabled web applications and you have not enabled company portal browser access. As you can see in the video, managed browser for Android devices gives an error stating that the device is not enrolled.
Yes, the managed browser application can’t understand whether the device is already enrolled. When you perform an action like “Intune Company Portal Browser Access, ” the app will try to install the Microsoft work account certificate on an Android device. There is a known issue with the previous version of the Company Portal application on Android devices.
Microsoft Work Account Certificate installation Error
The solution to the Microsoft mentioned above “work account certificate installation” error is to update the company portal application for Android devices. Are you getting an error called ENROLL your device (as you can see in the following screen capture)? Is this error appear when you try to access Conditional Access enabled web applications through the managed browser? The web apps without CA are working fine? If so, you need to perform following the action from your Android device “Intune Company Portal Browser Access.”
End-User Experience of ENROLL device Error
Now, it’s time to update the company portal application on Android for work-enabled devices. Once the device is updated with the latest version of the company portal app, then open up the company portal app and go to settings – tap on the button “Enable Browser Settings.”
This action gives you a popup for Microsoft Work Account certificate installation; the user must select the cert and tap on the ALLOW button. This process is explained in the video tutorial at the top of this post.
Microsoft Work Account Certificate Installation
Once the managed browser has a certificate, the web applications opened in the Managed browser can use the Microsoft work account cert. This will allow the managed browser to securely open conditional access enabled internal web applications. The user doesn’t require a tap on the INSTALL button, as per my experience; rather user needs to tap on ALLOW button to complete this configuration.
End USER Experience of CA enabled Web application Access
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…