03-25-2025 06:35 AM
Hello
We'd like to use Global Protect on Android (latest Samsung). These devices are managed by Intune in the Full Management profile.
For Global Protect we use SAML profile with MFA and Conditional Access.
All our users have compliance requirements (by conditional access policies) to use SAML only on compliant devices.
Global protect cannot bypass this info for AAD.
Of course, we can remove compliance requirements for the Global Protect app in AAD, but this will create a huge hole in our security.
What to do?
03-26-2025 02:59 PM
Can you provide more detail about what the actual issue is? I've re-read your post a couple times and I'm kind of lost on what you're actually running into and what the actual problem is in your post.
03-27-2025 01:58 AM
OK, let's clarify.
We have some mobile devices based on Android. We want to use the Global Protect client to start our internal web site.
Our Global Protect uses a SAML profile for authentication (Office365).
But we have Intune for management of devices; they are in the full management profile. In our conditional access policies (Azure Active Directory) we require that all apps must be connected from COMPLIANT devices. All Office apps and Edge work fine.
The problem is that the Global Protect client started on Android devices cannot pass this information to Azure Active Directory.
On Windows it works fine. I think that it is a limitation of the Global Protect client on Android.