https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-on-android-vs-compliance-requirements-from-intune/m-p/1224895#M6608 <P>Ok, Lets clarify.</P> <P>We have some mobile based on Android. We want to use global protect client to start our internal web site.&nbsp;</P> <P>Our Global protect uses SAML profile for authentication (Office365).</P> <P>But we have Intune for management of devices, they are in fully management profile. In our conditional access policies (Azure Active Directory) we require that all apps must be connnected from COMPLIANT devices. All office apps and edge works fine.</P> <P>The problem is that Global Protect client started on Android devices cannot pass this information to Azure Active Directory).&nbsp;</P> <P>On Windows&nbsp; works fine. I think that it is limitation of global protect client on Android.</P> Thu, 27 Mar 2025 08:58:59 GMT ITSpravia 2025-03-27T08:58:59Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-on-android-vs-compliance-requirements-from-intune/m-p/1224642#M6600 <P>Hello</P> <P>We'd like to use Global Protect on Android (latest Samsung). There devices are managed by Intune in Full Management profile.</P> <P>For Global Protect we use SAML profile with MFA and Conditional Access.</P> <P>All our users have compliance requirements (by conditional access policies) to use SAML only on compliant devices.</P> <P>Global protect cannot bypass this info for AAD.&nbsp;</P> <P>Of course, we can remove compliance requirements for Global Protect App in AAD, but this will create huge security hole in our security.</P> <P>What to do ?</P> Tue, 25 Mar 2025 13:35:23 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-on-android-vs-compliance-requirements-from-intune/m-p/1224642#M6600 ITSpravia 2025-03-25T13:35:23Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-on-android-vs-compliance-requirements-from-intune/m-p/1224856#M6604 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/594840627">@ITSpravia</a>,</P> <P>Can you provide more detail about what the actual issue is? I've re-read your post a couple times and I'm kind of lost on what you're actually running into and what the actual problem is in your post. </P> Wed, 26 Mar 2025 21:59:31 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-on-android-vs-compliance-requirements-from-intune/m-p/1224856#M6604 BPry 2025-03-26T21:59:31Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-on-android-vs-compliance-requirements-from-intune/m-p/1224895#M6608 <P>Ok, Lets clarify.</P> <P>We have some mobile based on Android. We want to use global protect client to start our internal web site.&nbsp;</P> <P>Our Global protect uses SAML profile for authentication (Office365).</P> <P>But we have Intune for management of devices, they are in fully management profile. In our conditional access policies (Azure Active Directory) we require that all apps must be connnected from COMPLIANT devices. All office apps and edge works fine.</P> <P>The problem is that Global Protect client started on Android devices cannot pass this information to Azure Active Directory).&nbsp;</P> <P>On Windows&nbsp; works fine. I think that it is limitation of global protect client on Android.</P> Thu, 27 Mar 2025 08:58:59 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-on-android-vs-compliance-requirements-from-intune/m-p/1224895#M6608 ITSpravia 2025-03-27T08:58:59Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-on-android-vs-compliance-requirements-from-intune/m-p/1225815#M6648 <P>Official support said that the only way to enable it in our environment is to add global protect app as exception in Conditional access polisy in Azure Active Directory.</P> Mon, 07 Apr 2025 08:32:05 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-on-android-vs-compliance-requirements-from-intune/m-p/1225815#M6648 ITSpravia 2025-04-07T08:32:05Z