Cert Based Auth no longer working on Android devices.
Curious as to how widespread this is/will be. Windows and iOS are fine, only affecting Android.
You can easily test this by revoking MFA sessions on a user who is using cert based auth on an Android phone.
I’m not sure if there has been an update recently to Android Microsoft Office apps where it thinks the certs live inside the Intune Company Portal and is not looking for certs in the phone's cert store.
BYOD work profile Android 14 phones are being problematic; when a user changed their password and Azure revoked their sessions for a reauth, the issue started occurring.
I tested this on another user, manually revoking their MFA sessions without changing their password, and the same issue occurred. I also set up a brand new Android phone and had the same issue after enrolling it.
The issue is when the user opens Outlook or Teams and goes to sign in, it will pop up asking to use a cert on the device or a physical key. When selecting on the device, the phone will freeze and will then eventually say “Company Portal isn’t responding” with the options of wait or cancel. Opening Chrome in the work profile and going to an Office app site will pop up asking for the cert and works fine. So the issue doesn’t appear to be the phone getting the cert, just the Office apps are not accessing the phone's cert store. I can confirm the cert is inside the work profile, as a browser or cert viewer app inside the work profile can see it; auths work fine when using a browser in the work profile, just not Outlook or Teams inside the work profile.