Does Microsoft Intune App Protection Policy Require the Company Portal App on Android?

By /
Does Microsoft Intune App Protection Policy Require the Company Portal on Android?

When using Microsoft Intune to protect work data on Android devices, many users notice that Outlook or other managed apps prompt them to install the Company Portal app, even when device enrollment isn’t required. This has caused confusion among users who think they must fully enroll their device in Intune.

Here’s what’s actually happening — and what you need to know.

🧩 Yes, Company Portal Is Required — But Enrollment Is Not

The Company Portal app is a required component for Intune App Protection Policies (APP) on Android. It serves as a “broker” application, allowing communication between Microsoft Intune and other managed apps such as Outlook, Teams, Word, or Excel.

Think of it as a bridge — it connects your work apps with your organization’s Intune policies, without enrolling your entire device in management.

⚙️ Why Company Portal Is Needed

  • Acts as the management broker:
    The Company Portal app enforces Intune policies (like PIN requirements or data protection rules) by connecting to Microsoft’s Intune service.
  • Similar to Authenticator on iOS:
    On iPhones, Microsoft Authenticator performs this same function. For Android, the Company Portal takes that role.
  • Enables App Protection Policy communication:
    Apps like Outlook don’t talk directly to Intune — they rely on Company Portal to sync compliance and protection settings.

🚫 Enrollment Is Not Required

Although you must install Company Portal, you don’t have to enroll your device into full Mobile Device Management (MDM).

You only need to:

  1. Install the Company Portal app from the Play Store.
  2. Sign in with your work account when prompted.
  3. Open Outlook (or another managed app) and complete setup.

Once signed in, Intune App Protection Policies will apply automatically — without enrolling your personal device.

⚠️ Be Careful with Enrollment Settings

One Reddit user pointed out an important detail:
If your organization hasn’t restricted Android device enrollment, some users may accidentally trigger full enrollment when signing in through Company Portal.

Recommendation:
Admins should review their Intune configuration:

  • Go to Devices → Android → Enrollment → Enrollment restrictions.
  • Ensure you’ve configured whether personal Android devices are allowed to enroll or not.

This prevents confusion and maintains control over how users connect.

Key Takeaways

  • Company Portal app is required for Android App Protection Policies.
  • No device enrollment is needed — installation is enough.
  • ✔ It acts as a communication broker between Intune and managed apps.
  • ✔ Make sure enrollment restrictions are configured to prevent accidental MDM enrollment.

In short:
If you’re using Intune App Protection on Android, installing the Company Portal is mandatory — but device enrollment isn’t. It’s simply there to make sure your work apps follow your organization’s data protection rules.

LinkedInCopyPinterestRedditTelegram

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by
Scroll to Top