| Table of Contents |
|---|
...
The PIN is shared among apps of the same publisher to improve usability:
On iOS/iPadOS, one app PIN is shared amongst all apps of the same app publisher. For example, all Microsoft apps share the same PIN.
On Android, one app PIN is shared amongst all apps.
Recheck the access requirements behavior after a device reboot:
A timer tracks the number of minutes of inactivity that determine when to show the Intune app PIN, or corporate credential prompt next.On iOS/iPadOS, the timer is unaffected by device reboot. Thus, device reboot has no effect on the number of minutes the user has been inactive from an iOS/iPadOS app with Intune PIN (or corporate credential) policy targeted.
On Android, the timer is reset on device reboot. As such, Android apps with Intune PIN (or corporate credential) policy will likely prompt for an app PIN, or corporate credential prompt, regardless of any timer the policy has set.
The rolling nature of the timer associated with the PIN:
Once a PIN is entered to access an app (app A), and the app leaves the foreground (main input focus) on the device, the timer gets reset for that PIN. Any app (app B) that shares this PIN will not prompt the user for PIN entry because the timer has reset.
For iOS/iPadOS devices, even if the PIN is shared between apps from different publishers, the prompt will show up again when the Access Requirements timer is met again for the app that is not the main input focus. So, for example, a user has app A from publisher X and app B from publisher Y, and those two apps share the same PIN. The user is focused on app A (foreground), and app B is minimized. After the Access Requirements timer is up and the user switches to app B, the PIN would be required.
...
Common Pop-Ups & What They Mean
3rd Party Keyboard Blocked
...
Click “Sign in” and you will be brought to a Microsoft Modern Authentication sign-in page where you’ll sign in with your Franklin County email and password and likely also have to satisfy a MFA prompt.
...
The Intune Company Portal is Required
When trying to access an app that is considered a Managed Application for the first time after Application Protection Policies have been deployed you will be presented with a message like this if you are on an Android device specifically.
What To Do
Download and install the Company Portal app, then you can attempt to relaunch the app you were trying to before. You can click “KEEP ACCOUNT” on the pop-up to initiate this installation.
After the install has been completed, relaunch the same app and it should bring you to a screen that says “Get Access” at the top. It’ll show a checklist of Conditional Launch/Access requirements that you are meeting.
<---------
Simply click “CONTINUE” and you should be let into the Managed Application now. This is a one-time occurrence, so long as you don’t remove the Company Portal app from your device.
Note: This is NOT enrolling your device in Intune. This is one of the requirements of the App Protection Policies we have in place. The Company Portal App simply needs to be installed; you do not need to actually enroll into Intune through the Company Portal App for this to resolve.
...
Org Data Removal
This pop-up is notifying you that the data within Managed Applications on your device has been wiped. Essentially, this means that you will need to restart the apps, sign-in to your Franklin County credentials again through a Modern Authentication sign-in prompt, and then you can use these apps again - so long as you are meeting the Access Requirements and Conditional Launch requirements.
This will occur if a Managed Applications wipe is executed by the Intune Admins team but can also occur if a user has been on leave for 90 days and then fails to sign-in successfully when they try to access a Managed Application and it prompts them to sign-in to their account again.
What To Do
Nothing can be done here except for signing-in again. If you feel this should not have happened, you need to submit a ticket to Help Desk.