Microsoft Intune is a cloud service that allows admins to manage Windows, macOS, iOS/iPadOS, and Android applications and devices in their enterprise environment.
Microsoft says some Samsung Galaxy devices will be marked as non-compliant with the organization’s security requirements in Microsoft Intune’s management interface after automatic restarts or after installing managed updates.
This could potentially affect access to corporate resources, depending on the Conditional Access policies set by the IT administrator, the issue can impact a wide range of Android versions from Android 9 and up.
It can be encountered after automatic restarts scheduled from the Settings dialog on devices running Android 9 and later, with an Android Enterprise personally owned work profile or enrolled using Android device administrator (DA), also known as “legacy” Android management.
On Android Enterprise fully managed Samsung devices running Android 11 or later, the known issue will trigger after completing a managed update,the immediate result of the device being tagged as non-compliant is that users will likely be blocked from accessing corporate resources.
For both classes of devices, users can work around the issue by triggering a device sync to restore access to blocked corporate resources.
The difference between Android (DA) managed devices and Android Enterprise fully managed devices is the method used to start the sync process. For Android 9 or later, have to trigger the sync from the Company Portal, while for those running Android 11+ you need to do it from the Device Policy Controller app.