taskr-sample-intune-android-app's Introduction

Taskr - A Microsoft Intune Android MAM SDK Example

MAM SDK Version: 9.5.0
MSAL Version: 4.1.0

This project is a demonstration of the Microsoft Intune SDK for Android and contains examples from the SDK Guide, which is available to provide additional developer guidance.

It also demonstrates how to integrate a line-of-business app with the Trusted Roots Certificates Management API. Detailed information can be found in the "Using Trusted Root Certificates from Intune to Establish Trust Anchors" section of the SDK Guide.

Important Notes Before Starting

Configuring an Intune Subscription

  • A tenant is necessary for the configuration of an Intune subscription. A free trial is sufficient for this demo and can be registered for at Microsoft's demo site.
  • Once a tenant is acquired the Intune subscription will need to be properly configured to target the user and the application. This can be accomplished by following the steps to Set up Intune.

Configuring App for MSAL Authentication

This sample features an MSAL integration to highlight MAM functionality; see About the code for more information regarding MSAL. The purpose of registering with MSAL is to acquire a unique client ID, redirect URI, and signature hash for your application.

  • Perform the app registration and configuration steps by following the Register Your Own Application steps for an MSAL application.
  • Update the MSAL values in this sample with those called out by Using MSAL.
  • Replace the included auth-config JSON file with the configuration for your app.

Grant App Permission to MAM Service

Highlighted SDK Features

⚠️ For policy to be applied to the application, the user will need to sign in and authenticate with MSAL.

This project demonstrates proper integration with the MAM SDK and the APP service for a single-identity application.

If your application is a multi-identity application, please refer to the multi-identity application integration guide for the necessary modifications.

Managed via App Participation

The following policies require app participation in order to be properly enforced.

A full breakdown of policies requiring app participation can be found in the "Enable features that require app participation" section of the SDK guide.

  • Prevent Android backups – The app enables managed backups in AndroidManifest.xml. More information is available here.
  • Prevent "Save As":
    • To User's Device - To determine if saving to the device is allowed, the app manually checks the user's policy in fragments/TasksFragment.java. If allowed, the save button will save a CSV containing all open tasks to the user's device. Otherwise, a notification will be displayed to the user.
  • App configuration policies – The app displays the current configuration as an example on the About page in fragments/AboutFragment.java.

Managed by the SDK

The following policies are automatically managed by the SDK without explicit app involvement and require no additional development.

  • Require PIN for access – The MAM SDK will prompt the user for a PIN before any UI code is executed, if required by policy.
    • Allow fingerprint instead of PIN - See above.
    • Require corporate credentials for access – See above.
  • Allow app to transfer data to other apps – This policy is demonstrated when the user clicks on the save button, which attempts to export a CSV containing tasks to Excel.
  • Disable printing – This policy is demonstrated when the user clicks on the print button, which attempts to open the CSV in Android’s default printing view.
  • Allow app to receive data from other apps – This policy is demonstrated when the app receives intents containing the text of a description to create a task.
  • Restrict web content to display in the Managed Browser – This policy is demonstrated when a user clicks on a link from the About screen.
  • Encrypt app data - This policy is demonstrated when the app attempts to save a CSV file. If enabled, the file will be encrypted on disk.

About the code

MSAL Integration and the MAM Token

AndroidManifest

The AndroidManifest contains the BrowserTabActivity that is required for proper MSAL integration.

<!-- Must be specified to allow users to login via MSAL -->
<activity android:name="com.microsoft.identity.client.BrowserTabActivity"
    android:exported="true">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />

        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />

        <!--
            Add in your scheme/host from registered redirect URI
            note that the leading "/" is required for android:path
        -->
        <data
            android:host="com.intune.samples.taskr"
            android:path="/SignatureHash"
            android:scheme="msauth" />
    </intent-filter>
</activity>

The SignatureHash will need to be replaced with the MSAL registration values for your application.

There is no specific MAM code alteration required for the BrowserTabActivity.

Apps targeting Android 12 must explicitly declare the android:exported attribute for app components. Activities that support VIEW and LAUNCHER must be exported. For more information, see the Android developer notes on behavior changes.
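
A build-time check for the manifest requirements above, as an added example that is not part of the sample project: it flags components that declare an intent-filter without android:exported and verifies that the BrowserTabActivity redirect matches the redirect_uri in the auth config. The manifest, the SyncReceiver component, the client ID and the signature hash are constructed sample values; the check assumes MSAL's convention that the auth config carries the URL-encoded hash while android:path carries the raw one.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")
BROWSER_TAB = "com.microsoft.identity.client.BrowserTabActivity"
PLACEHOLDER_PATH = "/SignatureHash"  # value shipped in the sample manifest

# Constructed sample values (not a real app registration).
RAW_HASH = "Zm9v+mFy/mF6cXV4c2FtcGxlMDE="
AUTH_CONFIG = json.dumps({
    "client_id": "00000000-0000-0000-0000-000000000000",
    "redirect_uri": "msauth://com.intune.samples.taskr/Zm9v%2BmFy%2FmF6cXV4c2FtcGxlMDE%3D",
})


def sample_manifest(path, receiver_exported):
    """Constructed manifest modelled on the sample's BrowserTabActivity entry.

    receiver_exported=None omits android:exported on the hypothetical receiver.
    """
    exported = "" if receiver_exported is None else ' android:exported="%s"' % receiver_exported
    return """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <activity android:name="com.microsoft.identity.client.BrowserTabActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:host="com.intune.samples.taskr" android:path="%s" android:scheme="msauth" />
      </intent-filter>
    </activity>
    <receiver android:name="com.example.taskr.SyncReceiver"%s>
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED" /></intent-filter>
    </receiver>
  </application>
</manifest>""" % (path, exported)


def check_manifest(manifest_xml, auth_config_json):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    app = ET.fromstring(manifest_xml).find("application")
    components = [c for c in (app if app is not None else ()) if c.tag in COMPONENTS]

    # 1. Android 12+: a component with an intent-filter needs an explicit
    #    android:exported, otherwise the manifest merger fails.
    for comp in components:
        if comp.find("intent-filter") is not None and comp.get(ANDROID + "exported") is None:
            findings.append("%s: intent-filter but no android:exported" % comp.get(ANDROID + "name"))

    # 2. The redirect handled by BrowserTabActivity must be the one registered
    #    for the app. The config value is URL-encoded, so decode before comparing.
    uri = urlsplit(json.loads(auth_config_json)["redirect_uri"])
    expected = (uri.scheme, uri.netloc, unquote(uri.path))
    tabs = [c for c in components if c.get(ANDROID + "name") == BROWSER_TAB]
    datas = [d for tab in tabs for d in tab.iter("data")]
    if not datas:
        findings.append("no BrowserTabActivity with a <data> redirect is declared")
    for data in datas:
        declared = tuple(data.get(ANDROID + key) for key in ("scheme", "host", "path"))
        path = declared[2] or ""
        if path == PLACEHOLDER_PATH:
            findings.append("android:path is still the /SignatureHash placeholder")
        elif not path.startswith("/"):
            findings.append("android:path must start with '/'")
        elif "%" in path:
            findings.append("android:path looks URL-encoded; use the raw hash")
        elif declared != expected:
            findings.append("manifest redirect %r does not match auth config %r" % (declared, expected))
    return findings


if __name__ == "__main__":
    # The unmodified sample manifest plus a receiver lacking android:exported.
    for finding in check_manifest(sample_manifest(PLACEHOLDER_PATH, None), AUTH_CONFIG):
        print("FINDING:", finding)
```
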

MSALUtil class

The MSALUtil class serves as a utility for accessing the required MSAL integration code.

AuthenticationCallback class

The AuthenticationCallback class is registered in TaskrApplication and handles acquiring the MAM token.

You must register this callback in order to receive a token for MAM. Without this, full MAM integration is not achievable.

Callback Registration

// Registers a MAMServiceAuthenticationCallback, which will try to acquire access tokens for MAM.
// This is necessary for proper MAM integration.
MAMEnrollmentManager mgr = MAMComponents.get(MAMEnrollmentManager.class);
mgr.registerAuthenticationCallback(new AuthenticationCallback(getApplicationContext()));

This callback should be registered as early as possible in the onCreate method of your application.

Callback Implementation

@Nullable
@Override
public String acquireToken(@NonNull final String upn, @NonNull final String aadId, @NonNull final String resourceId) {
    try {
        // Create the MSAL scopes by using the default scope of the passed in resource id.
        final String[] scopes = {resourceId + "/.default"};
        final IAuthenticationResult result = MSALUtil.acquireTokenSilentSync(mContext, aadId, scopes);
        if (result != null)
            return result.getAccessToken();
    } catch (MsalException | InterruptedException e) {
        LOGGER.log(Level.SEVERE, "Failed to get token for MAM Service", e);
        return null;
    }

    LOGGER.warning("Failed to get token for MAM Service - no result from MSAL");
    return null;
}

As is noted by the comments, the resource ID that is passed to the acquireToken method should be used to construct the proper scopes for the MAM token.

Policy Enforcement

AndroidManifest xml

The AndroidManifest file models how to utilize the MAM SDK's backup manager to block and encrypt backups, if specified by policy.

<!-- The backupAgent here is provided by the MAM SDK. It will block/encrypt backups if necessary. -->
<application
    android:allowBackup="true"
    android:fullBackupOnly="true"
    android:fullBackupContent="true"
    android:backupAgent="com.microsoft.intune.mam.client.app.backup.MAMDefaultBackupAgent"
    ...

AboutFragment class

The AboutFragment class models how to retrieve the app config from the MAM SDK.

String currentUser = AppSettings.getAccount(this.getContext()).getAADID();
MAMAppConfigManager configManager = MAMComponents.get(MAMAppConfigManager.class);
MAMAppConfig appConfig = configManager.getAppConfig(currentUser);

SaveFragment class

The SaveFragment class models how to check data transfer policy for saving data to local storage.

  String currentUser = AppSettings.getAccount(view.getContext()).getAADID();

  if (MAMPolicyManager.getPolicy(getActivity())
          .getIsSaveToLocationAllowed(SaveLocation.LOCAL, currentUser)) {
            ...

Trusted Roots Certificate Management

Trusted Root Certificates Management allows your app to use trusted root certificates from Intune in combination with certificates from the device. This allows your app to establish trust with resources that are protected by a certificate issued by your organization.

This sample showcases three different ways to use trusted roots certificates from Intune to establish trust anchors:

Using OkHttpClient

The submitOkHttpClientRequest method in the TrustedRootsNetworkHandler class models how to configure an OkHttpClient to use the Trusted Root Certificates Management API.

    // Kotlin: build an OkHttpClient whose socket factory and trust manager come from the MAM SDK.
    val okHttpClient = OkHttpClient.Builder()
        .sslSocketFactory(
            MAMTrustedRootCertsManager.createSSLSocketFactory(null, null),
            MAMTrustedRootCertsManager.createX509TrustManagers(null).first() as X509TrustManager
        )
        .build()
        ...

Using Apache HttpClient

The submitApacheHttpClient5Request method in the TrustedRootsNetworkHandler class models how to configure an Apache HttpClient to use the Trusted Root Certificates Management API.

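    // Kotlin: the SSLContext from the MAM SDK backs the connection socket factory.
    val connectionManager: HttpClientConnectionManager =
        PoolingHttpClientConnectionManagerBuilder.create()
            .setSSLSocketFactory(
                SSLConnectionSocketFactory(MAMTrustedRootCertsManager.createSSLContext(null, null))
            )
            .build()

    // Route all requests from this client through the MAM-backed connection manager.
    val httpClient: CloseableHttpClient = HttpClients.custom()
        .setConnectionManager(connectionManager)
        .build()
        ...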

Using WebView

The WebViewClientFragment and WebViewClientViewModel classes model how to configure a WebView to use the Trusted Roots enabled WebViewClient from the SDK.

    MAMCertTrustWebViewClient mamCertTrustWebViewClient = new MAMCertTrustWebViewClient();

    // Set the MAM WebViewClient from the SDK as the current handler on the instance of WebView
    webView.setWebViewClient(mamCertTrustWebViewClient);
    ...

taskr-sample-intune-android-app's People

Contributors

dependabot[bot], jaleik, mcsimons, meghandaly

taskr-sample-intune-android-app's Issues

Issue with Conditional Access & Cross-app SSO - Error Code 53009

Hi,

We have been able to successfully run our application with Conditional Access and Cross-app SSO on Android for a majority of users. However, we're facing an issue with a subset of users who are unable to access the application.

Upon checking the sign-in logs in the Azure portal, we're seeing an error code 53009, stating: "Application needs to enforce Intune protection policies." Additional details provided are "MFA completed in Azure AD".

Within the "Authentication Details" tab, it shows that "MFA successfully completed". We've verified that the phones for these users are enrolled properly.

Interestingly, we've observed that once these users log in to Outlook, they regain access to our app.

This issue seems to be affecting only some users and we have been unable to identify a pattern or common factor among them. Any insights into why this specific behaviour is occurring would be very helpful.

It fails to compile when adding the sdk 'com.medallia.digital.mobilesdk:android-sdk:3.9.1'

I created a demo and then added the sdk 'com.medallia.digital.mobilesdk:android-sdk:3.9.1', but it failed to compile.
Here is the demo link: https://github.com/Nash123-start/ApplicationTest

and the error is:

Mamification failed: onMAMCreate (Landroid/os/Bundle;)V in com.medallia.digital.mobilesdk.c0: conflict: int and androidx.appcompat.app.AppCompatActivity
javassist.CannotCompileException: onMAMCreate (Landroid/os/Bundle;)V in com.medallia.digital.mobilesdk.c0: conflict: int and androidx.appcompat.app.AppCompatActivity
at javassist.expr.ExprEditor.doit(ExprEditor.java:122)
at javassist.CtClassType.instrument(CtClassType.java:1554)
at com.microsoft.intune.mam.BuildTimeMamifier.mamifyClass(BuildTimeMamifier.java:454)
at com.microsoft.intune.mam.BuildTimeMamifier.mamifyClass(BuildTimeMamifier.java:391)
at com.microsoft.intune.mam.BuildTimeMamifier.mamifyClasses(BuildTimeMamifier.java:195)
at com.microsoft.intune.mam.BuildTimeMamifier.mamify(BuildTimeMamifier.java:107)
at com.microsoft.intune.mam.MamifyTransformBase.transform(MamifyTransformBase.java:185)
at com.android.build.gradle.internal.pipeline.TransformTask$2.call(TransformTask.java:284)
at com.android.build.gradle.internal.profile.NoOpAnalyticsService.recordBlock(NoOpAnalyticsService.kt:72)
at com.android.build.gradle.internal.pipeline.TransformTask.transform(TransformTask.java:242)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:104)
at

AADSTS53009: Application needs to enforce Intune protection policies

Hi,

We are trying to integrate the Intune SDK in our application. We took the code from the sample and published it to our Intune Store and we still have an issue. We also updated the SDK to v9.70. We are getting this error log on the Android side (logcat):

authentication failed
com.microsoft.identity.client.exception.MsalUiRequiredException: AADSTS53009: Application needs to enforce Intune protection policies.
Timestamp: 2023-09-27 13:49:30Z
	at com.microsoft.identity.client.internal.controllers.MsalExceptionAdapter.msalExceptionFromBaseException(Unknown Source:67)
	at com.microsoft.identity.client.PublicClientApplication$18.onError(Unknown Source:0)
	at com.microsoft.identity.client.PublicClientApplication$18.onError(Unknown Source:2)
	at com.microsoft.identity.common.java.controllers.CommandDispatcher.commandCallbackOnError(Unknown Source:14)
	at com.microsoft.identity.common.java.controllers.CommandDispatcher.access$900(Unknown Source:0)
	at com.microsoft.identity.common.java.controllers.CommandDispatcher$4.run(Unknown Source:46)
	at android.os.Handler.handleCallback(Handler.java:942)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loopOnce(Looper.java:226)
	at android.os.Looper.loop(Looper.java:313)
	at android.app.ActivityThread.main(ActivityThread.java:8762)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:604)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1067)

This log appears after we entered our credentials and passed the MFA on the Microsoft portal. The device is enrolled.
If we exclude the app from the app protection, it's working, but when the app protection is turned on we can't sign in.
We created a ticket with the Microsoft support already and Hugo Pereira tried to help us with our issue without success for now. He told us we should open a ticket here directly.
Thanks in advance.

Receiving AUTHORIZATION_NEEDED when doing app enrollment.

Hi Team,

In our Android app, I am unable to register the app for enrollment. Everything is set up according to the sample which is provided, but I still always receive the "AUTHORIZATION_NEEDED" error code when I call registerAccountForMAM().

I am using MSAL with the Intune SDK and the app is registered as multi-tenant.
In the AuthenticationCallback class, in acquireToken(), I always get the "AUTHORIZATION_NEEDED" notification status with the error below:

"com.microsoft.identity.client.exception.MsalUiRequiredException: AADSTS65001: The user or administrator has not consented to use the application with ID 'XXX' named 'XXX'. Send an interactive authorization request for this user and resource."

Error logs

 at com.microsoft.identity.client.PublicClientApplication$18.onError(PublicClientApplication.java:1894)
at com.microsoft.identity.common.internal.controllers.CommandDispatcher.commandCallbackOnError(CommandDispatcher.java:381)
at com.microsoft.identity.common.internal.controllers.CommandDispatcher.access$1100(CommandDispatcher.java:76)
at com.microsoft.identity.common.internal.controllers.CommandDispatcher$3.run(CommandDispatcher.java:363)
at android.os.Handler.handleCallback(Handler.java:751)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:154)
at android.app.ActivityThread.main(ActivityThread.java:6682)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1520) 
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1410)

Code in Application class in onCreate()

 MAMEnrollmentManager mgr = MAMComponents.get(MAMEnrollmentManager.class);
        if (mgr != null) {
            mgr.registerAuthenticationCallback(new AuthenticationCallback(getApplicationContext()));
        }
        MAMComponents.get(MAMNotificationReceiverRegistry.class).registerReceiver(notification -> {
            if (notification instanceof MAMEnrollmentNotification) {
                MAMEnrollmentManager.Result result =
                        ((MAMEnrollmentNotification) notification).getEnrollmentResult();

                switch (result) {
                    case AUTHORIZATION_NEEDED:
                    case NOT_LICENSED:
                    case ENROLLMENT_SUCCEEDED:
                    case ENROLLMENT_FAILED:
                    case WRONG_USER:
                    case UNENROLLMENT_SUCCEEDED:
                    case UNENROLLMENT_FAILED:
                    case PENDING:
                    case COMPANY_PORTAL_REQUIRED:
                    default:
                        break;
                }
            } else {
            }
            return true;
        }, MAMNotificationType.MAM_ENROLLMENT_RESULT);

Login Code

PublicClientApplication.createMultipleAccountPublicClientApplication(this,
               R.raw.auth_config,
               new IPublicClientApplication.IMultipleAccountApplicationCreatedListener() {
                   @Override
                   public void onCreated(IMultipleAccountPublicClientApplication application) {
                       mMultipleAccountApp = application;
                       final String[] scope = {"user.read"};
                       if (mMultipleAccountApp != null) {
                           mMultipleAccountApp.acquireToken(MultipleAccountModeActivity.this, scope, getAuthInteractiveCallback());
                       }
                   }

                   @Override
                   public void onError(MsalException exception) {
                   }
               });  

Call back code

private com.microsoft.identity.client.AuthenticationCallback getAuthInteractiveCallback() {
       return new AuthenticationCallback() {

           @Override
           public void onSuccess(IAuthenticationResult authenticationResult) {
               IAccount account = authenticationResult.getAccount();
               final String upn = account.getUsername();
               final String aadId = account.getId();
               final String tenantId = account.getTenantId();
               final String authorityURL = account.getAuthority();

               MSUtil.setID(aadId);
               MSUtil.setAccessTokenD(authenticationResult.getAccessToken());

               // Register the account for MAM.
               mEnrollmentManager.registerAccountForMAM(upn, aadId, tenantId, authorityURL);
               final MAMEnrollmentManager.Result registeredAccountStatus = mEnrollmentManager.getRegisteredAccountStatus(upn);
           }

           @Override
           public void onError(MsalException exception) {
           }

           @Override
           public void onCancel() {
           }
       };
   }

acquireToken() in MAMServiceAuthenticationCallback

I have tried various things here, sending our app read token, getting a token based on the resource id, etc. In that case I seem to get NOT_LICENSED.

@Override
    public String acquireToken(@NonNull final String upn, @NonNull final String aadId, @NonNull final String resourceId) {
           final String[] scopes = {resourceId + "/.default"};
            final IAccount account = MSUtil.loadAccounts(MSUtil.getAaid());
            if (account == null) {
                try {
                    throw new MsalUiRequiredException(MsalUiRequiredException.NO_ACCOUNT_FOUND, "no account found for " + aadId);
                } catch (MsalUiRequiredException e) {
                    e.printStackTrace();
                }
            }

            AcquireTokenSilentParameters params =
                    new AcquireTokenSilentParameters.Builder()
                            .forAccount(account)
                            .fromAuthority(account.getAuthority())
                            .withScopes(Arrays.asList(scopes))
                            .build();
            final IAuthenticationResult iAuthenticationResult = mMultipleAccountApp.acquireTokenSilent(params);
            iAuthenticationResult.getAccessToken();   
 }

Config File

{
  "client_id": "906ae7fc-564d-4063-be19-533b2f7cc94c",
  "authorization_user_agent": "DEFAULT",
  "redirect_uri": "msauth://com.workboard.android.app/kbQSwM8PmRJ9K2Sh5lS4A3he9n8%3D",
  "account_mode" : "MULTIPLE",
  "broker_redirect_uri_registered": true,
  "multiple_clouds_supported": true,
  "authorities": [
    {
      "type": "AAD",
      "audience": {
        "type": "AzureADandPersonalMicrosoftAccount",
        "tenant_id": "common"
      }
    }
  ]
}

Here the acquireTokenSilent() call is always failing for me with the "MsalUiRequiredException: AADSTS65001" error and I am not able to get the access token.

I would expect to get ENROLLMENT_SUCCEEDED as a result instead of AUTHORIZATION_NEEDED.

MSAL integration

Hello,

Currently this example uses ADAL for the Intune MAM SDK. Are there any plans to use MSAL?

Chromium source code integration Intune

We use Chromium source code to compile and generate a secure browser. Now when we need to connect with the Intune SDK, we find that the SDK cannot be integrated into the browser source code. For this problem, do you have any way to deal with it for my reference?

New logo/icon proposal

Good day sir. I am a graphic designer and I am interested in designing a logo for your good project. I will be doing it as a gift for free. I just need your permission first before I begin my design. Hoping for your positive feedback. Thanks

Policy not getting from Intune Portal

Please provide information on how to fetch policies from the Intune portal. I followed these three steps:

1) The app must implement and register an instance of the MAMServiceAuthenticationCallback interface. The callback instance must be registered in the onCreate() (or onMAMCreate()) method of the Application subclass.

2) When an account is created and the user successfully signs in with MSAL, the app must call registerAccountForMAM.

3) When an account is removed, the app should call unregisterAccountForMAM to remove the account from Intune management.

And still, when I changed the policy from the portal, it would not affect my application.

AADSTS90013: Invalid input received from the user.

I clone the demo and run it in Android Studio

image

E/AcquireTokenRequest:tryAcquireTokenSilent:  [2020-01-17 05:35:49 - 86c80666-13f5-42e3-8854-28cd173c2eed] AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED:Prompt is not allowed and failed to get token. No result returned from acquireTokenSilent ver:1.16.3 Android 28

Is this sample app available to test app protection policy?

I configured the sample with my own auth_config and am able to log in with MSAL. Then I created an app protection policy for this app in the admin console, but the policy is not applied. My question: Is this sample app available to test app protection policy? Or do I need to set up other code to test app protection policy with this sample app? Thanks in advance.

[Build Issue] Unsupported Java and Gradle Versions

Hello,

I'm experiencing an issue when attempting to build app using Android Studio. I think my current environment is not compatible with the project, leading to a build failure. The specific error I'm encountering is related to the Java and Gradle versions:

This is the compilation error I get:

image

Environment Details:
Java Version: 17.0.9
Gradle Version: 6.2
Android Studio Version: Android Studio Iguana | 2023.2.1 Patch 1 (Runtime version: 17.0.9+0-17.0.9b1087.7-11185874 aarch64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.)

Attempted Solutions:

  • Tried upgrading the Gradle wrapper to version 7.2 as suggested by the error message.
  • Tried downgrading Java to version 11

Is anyone familiar with this problem? I am seeking advice on the specific versions of Java, Gradle, and Android Studio that I need to use to successfully build the project.
Any guidance or recommendations on resolving this issue would be greatly appreciated.

Android 13 & 14 throws MAMActivity not found

Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xc in tid 14141 (tilineforintune), pid 14141 (tilineforintune)
---------------------------- PROCESS STARTED (15153) for package ----------------------------
2023-10-26 13:24:28.381 15150-15150 DEBUG crash_dump64 A Cmdline:
2023-10-26 13:24:28.381 15150-15150 DEBUG crash_dump64 A pid: 14141, tid: 14141, name: tilineforintune >>> <<<
2023-10-26 13:24:28.382 15150-15150 DEBUG crash_dump64 A #26 pc 000000000042f092 /data/app/~~4xBMhCKU-_Y0KwGU_khOog==/ -HXqoRsVJceCR-C6m9ff0GQ==/base.apk (com.google.android.gms.common.GooglePlayServicesUtilLight.getRemoteContext+6)
2023-10-26 13:24:28.382 15150-15150 DEBUG crash_dump64 A #31 pc 00000000004e0d40 /data/app/~~4xBMhCKU-_Y0KwGU_khOog==/ -HXqoRsVJceCR-C6m9ff0GQ==/base.apk (com.google.android.gms.security.ProviderInstaller.installIfNeeded+0)
2023-10-26 13:24:28.382 15150-15150 DEBUG crash_dump64 A #36 pc 0000000000378fe0 /data/app/~~4xBMhCKU-_Y0KwGU_khOog==/ -HXqoRsVJceCR-C6m9ff0GQ==/base.apk (com.moviuscorp.myids.util.m0.k0+12)
2023-10-26 13:24:28.382 15150-15150 DEBUG crash_dump64 A #38 pc 00000000003f65ca /data/app/~~4xBMhCKU-_Y0KwGU_khOog==/ -HXqoRsVJceCR-C6m9ff0GQ==/base.apk (com.moviuscorp.myids.home.main.StartActivity.onMAMCreate+74)
2023-10-26 13:24:28.382 15150-15150 DEBUG crash_dump64 A #64 pc 00000000002e5fca /data/app/~~4xBMhCKU-_Y0KwGU_khOog==/ -HXqoRsVJceCR-C6m9ff0GQ==/base.apk (com.microsoft.intune.mam.client.app.MAMActivity.onCreate+18)

Can't login ReactMAM example

Hi, I get this message when trying to log in with the apk file from the ReactMAM example:
"Please update the authentication values for your application."

Build Failure

When I tried building it from source, the following error was reported.

Unexpected scopes found in folder '/workspaces/shamsworkspace/Taskr-Sample-Intune-Android-App-master/app/build/intermediates/transforms/MamifyTransform/debug'. Required: SUB_PROJECTS. Found: PROJECT, SUB_PROJECTS

Please update Intune SDK version; sample apps can't work without bump to 7.x

Hey team,

Took a long bit of trial and error to learn this, but, this Intune certificate rotation that occurred recently has created a problem for any Intune SDK enabled apps that haven't updated to use the newly rotated certificates. These sample apps haven't made that leap, and thus they fail to get MAM policies.

You can eventually spot the evidence with logcat,

05-27 12:06:14.108 18239 18610 I TelemetryLogger: tracked occurrence SSL_CERT_VALIDATION_FAILED_MSIT_CERT_NOT_FOUND : CN=mam.manage.microsoft.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=WA,C=US -> CN=Microsoft Azure TLS Issuing CA 06,O=Microsoft Corporation,C=US ->
05-27 12:06:14.118 18239 18610 W iceLookupOperationsImpl: Failed to get MAM service url from lookup service due to network error; activity id: {3AFC9F11-1BEC-4952-B2DC-53A63C2C2B5C}
05-27 12:06:14.118 18239 18610 W iceLookupOperationsImpl: javax.net.ssl.SSLHandshakeException: Unable to verify certificate.

[...]
05-27 12:06:14.120 18239 18610 I .MAMServiceLookupThread: Not updating MAMServiceURL time after network error
05-27 12:06:14.121 18239 18610 W .MAMServiceLookupThread: failed to get a MAM Service URL
05-27 12:06:14.122 18239 18610 I AMEnrollmentStatusCache: Recording offline MAM enrollment result: NOT_LICENSED for identity [email protected]
05-27 12:06:14.130 18239 18610 I MAMWEAccountRegistry: updating account [email protected] with status NOT_LICENSED
05-27 12:06:14.136 18239 18610 I lineMAMWERetryScheduler: For MAMWE error NETWORK_ERROR using retry interval 640000

Updating to the latest Intune SDK files also requires bumping the build.gradle gradle plugin version to 3.5.4 to resolve package visibility errors - https://android-developers.googleblog.com/2020/07/preparing-your-build-for-package-visibility-in-android-11.html

To integrate Intune SDK in android App without MSAL

Hi,
I have created a LOB app (android intune SDK integrated) on https://endpoint.microsoft.com & on azure portal. I am able to apply an app protection policy on the app. But every time I have to authenticate users with MSAL.

For this I referred to https://github.com/msintuneappsdk/Taskr-Sample-Intune-Android-App.

Is there any way so we can skip MSAL authentication and enroll users for MAM policy??

Also if the same LOB app is to be shipped to google play store, how will we apply policies??

Is there any difference between LOB and store app while both are integrated with android SDK??

Difference in App Un-enrollment behavior in iOS and Android

When un-enrolling the app by calling

MAMEnrollmentManager::unregisterAccountForMAM(String upn)

in iOS, the method accepts an additional flag 'withWipe', but in Android the app's data gets wiped forcefully.

Is there any way we can get similar behavior as iOS?
We don't really want to wipe the app's data in Android.

Code is not building in Android studio

Getting this error while building the apk:

C:\Users\Administrator\InTune\Taskr-Sample-Intune-Android-App\app\src\main\java\com\microsoft\intune\samples\taskr\authentication\AuthManager.java:18: error: cannot find symbol
import com.microsoft.aad.adal.AuthenticationCallback;
^
symbol: class AuthenticationCallback
location: package com.microsoft.aad.adal

Differentiating between Intune and Non-Intune users?

Hi,
This is more of a guidance request than an issue.
I have added the Intune Android SDK to my app. I have a common app for both Intune and non-Intune supported users. Intune users enroll their device through the Company Portal app and the Intune policies are honored in the app. Now is there a way for me to differentiate between users who have enrolled to Intune and users who haven't?
I have tried using MAMNotificationReceiver with EnrollmentResult but it wasn't returning me anything. I have been searching a lot for this but couldn't find a proper solution to the problem.
I hope you could provide me some guidance?

Unable to sign up in app

While trying to sign in getting exception:
2020-10-29 11:35:50.430 18162-18182/? E/DatabaseUtils: Writing exception to parcel
java.lang.SecurityException: Permission Denial: writing com.sec.android.provider.badge.BadgeProvider uri content://com.sec.badge/apps from pid=17349, uid=10127 requires com.sec.android.provider.badge.permission.WRITE, or grantUriPermission()

While debugging I found the mUserAccount variable is null, leading to an exception which is caught in MainActivity: BrowserTabActivity is missing in AndroidManifest.
I have Company Portal on my device, and am using Teams and other apps successfully.

Kindly help to resolve this problem...
yeah, Thanks for update code yesterday, it fixed code build problem for me.

android:exported needs to be explicitly specified for element <receiver#com.microsoft.intune.mam.client.service.MAMBackgroundReceiver>

I am using the below versions in build.gradle
buildToolsVersion = "31.0.0"
minSdkVersion = 21
compileSdkVersion = 31
targetSdkVersion = 31

And I got the below issue.

Manifest merger failed : android:exported needs to be explicitly specified for element <receiver#com.microsoft.intune.mam.client.service.MAMBackgroundReceiver>. Apps targeting Android 12 and higher are required to specify an explicit value for android:exported when the corresponding component has an intent filter defined. See https://developer.android.com/guide/topics/manifest/activity-element#exported for details.
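
The Android 12 rule quoted in the merger error above can be checked on a merged manifest before the build fails. The following is an added example, not part of the original issue or of the Intune SDK; the sample manifest is constructed, and its package name, the other components and the intent action are placeholders.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
EXPORTED = f"{{{ANDROID_NS}}}exported"
NAME = f"{{{ANDROID_NS}}}name"
# Component types covered by the explicit android:exported requirement.
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample of a merged manifest (placeholder package and action names).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <receiver android:name="com.microsoft.intune.mam.client.service.MAMBackgroundReceiver">
      <intent-filter>
        <action android:name="com.example.PLACEHOLDER_ACTION"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService"/>
  </application>
</manifest>
"""


def find_missing_exported(manifest_xml):
    """Return (tag, name) for every component that declares an intent filter
    but carries no explicit android:exported attribute."""
    root = ET.fromstring(manifest_xml.strip())
    app = root.find("application")
    missing = []
    if app is None:
        return missing
    for tag in COMPONENT_TAGS:
        for comp in app.findall(tag):
            has_filter = comp.find("intent-filter") is not None
            if has_filter and EXPORTED not in comp.attrib:
                missing.append((tag, comp.get(NAME, "<unnamed>")))
    return missing


if __name__ == "__main__":
    for tag, name in find_missing_exported(SAMPLE_MANIFEST):
        print(f"<{tag}> {name}: intent filter present, android:exported not set")
```

Components without an intent filter, such as the placeholder service, are not reported because the requirement in the error message applies only when an intent filter is defined.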

Caused by: java.lang.ClassCastException: com.microsoft.intune.mam.client.view.PolicyWindowManager cannot be cast to android.view.WindowManagerImpl

I'm integrating Intune for our app, in which we are also using chinalwb/Android-Rich-text-Editor (https://github.com/chinalwb/Android-Rich-text-Editor), but getting the following crash:

java.lang.RuntimeException: Unable to start activity ComponentInfo{com.ms.portal/com.ms.engage.ui.ShareScreen}: java.lang.ClassCastException: com.microsoft.intune.mam.client.view.PolicyWindowManager cannot be cast to android.view.WindowManagerImpl
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3449)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3601)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:85)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2066)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
Caused by: java.lang.ClassCastException: com.microsoft.intune.mam.client.view.PolicyWindowManager cannot be cast to android.view.WindowManagerImpl
at android.view.Window.setWindowManager(Window.java:822)
at android.view.Window.setWindowManager(Window.java:804)
at android.app.Dialog.<init>(Dialog.java:207)
at android.app.Dialog.<init>(Dialog.java:181)
at com.microsoft.intune.mam.client.app.MAMDialog.<init>(MAMDialog.java:37)
at androidx.appcompat.app.AppCompatDialog.<init>(AppCompatDialog.java:57)
at androidx.appcompat.app.AlertDialog.<init>(AlertDialog.java:98)
at androidx.appcompat.app.AlertDialog.<init>(AlertDialog.java:88)
at com.chinalwb.are.styles.windows.AlignmentPickerDialog.<init>(AlignmentPickerDialog.java:24)
at com.chinalwb.are.styles.toolitems.styles.ARE_Style_Alignment.<init>(ARE_Style_Alignment.java:51)
at com.chinalwb.are.styles.toolitems.ARE_ToolItem_AlignmentLeft.getStyle(ARE_ToolItem_AlignmentLeft.java:56)
at com.chinalwb.are.AREditText.setToolbar(AREditText.java:200)
at com.ms.engage.ui.ShareScreen.setupRichTextToolbar(ShareScreen.java:925)
at com.ms.engage.ui.ShareScreen.initViews(ShareScreen.java:824)
at com.ms.engage.ui.ShareScreen.onMAMCreate(ShareScreen.java:486)

Demo App Stuck at "Install Company Portal app" dialog

Trying out Demo app for MAM.

  1. Created app in Intune portal
  2. Added permissions and ran the app
  3. Signed in with assigned user
  4. Sign-in successful
  5. Shows prompt to install Company Portal

Stuck forever at screen 5, even after app restart, device restart.

Also tried clearing app data while company portal is still installed and then logging in the demo app. It still shows the dialog from step 5.

I upgraded the libraries to the latest version -> 5.7.1


Android Gradle Plugin upgrade indicates "Mam enabled: No" when uploading as lob to intune

Hi there,

I'm having issues when I try to upgrade the AGP (Android Gradle Plugin) version of this sample.
Steps to reproduce:

downloaded the latest version of the Taskr sample source code from here,
opened it with Android Studio, generated a signed release apk,
uploaded the apk to Intune as an LOB app,
it indicates "MAM Enabled: Yes", everything's fine,
current project settings:
Gradle version 6.2
AGP: 4.0.2

Upgrading only the Gradle version to 6.9.3, keeping AGP at 4.0.2,
uploading the newly generated signed apk to Intune,
it still indicates "MAM Enabled: Yes" ...

Now upgrading AGP to version 4.2.0 or any above
(versions up to 4.1.3 are OK),
when uploading to Intune, it indicates "MAM Enabled: No"
(uploading the debug apk indicates "Yes")

If I modify it again and set it back to 4.0.2 or 4.1.3,
Intune indicates "MAM Enabled: Yes"

Nothing else is modified except the versions of these...

My question is: why does the upgrade of AGP break the enabling of MAM?
Are some additional parameters needed to make it work?

If I start a new project from scratch with Android Studio,
by default the Gradle version is 7.5 and AGP is 7.4.1;
after integrating the MSAL and Intune SDKs, I have the same issue...

Best regards
