Office365 account login fails with "device not registered"

[bonhomme]

Hi!

For a couple of years I've had AquaMail working on an android device (Galaxy Note 9) which is managed by Intune, using the Office365 account type. When I would set up the account, it would give me an option like "sign in with Intune" which opened the Intune app, prompted for details through that, then worked.

At one point in early July, this stopped working, and the process would instead take me to a browser frame going to the OAUTH2 sign-in page, which would then say the device was unregistered. However, expanding "more details" on the error page shows that it is not sending any device ID (so Intune cannot match the device). I've had that confirmed with our company IT folks, with whom I have a good relationship and they were happy to help me debug this. Screenshot attached.

Since the device is not matched, I just get a page saying I must enrol the device (it is already enrolled and compliant).

Naturally the Microsoft Outlook app works 'magically' with the sign-in but it also ravages the battery so I am not a huge fan of it. Other third-party apps (tested Gmail and Samsung Mail) with the same account give me the browser frame, but after login there is a request that pops up to "use certificate" - after which the sign-in process works. I've attached a screenshot of the certificate request from Gmail - to be clear this step does not happen with AquaMail.
(If I choose "Deny", then I get taken to a similar page as with AquaMail, shown in the first screenshot, although the device ID is not "not available" in this case).

I thought it might be solved by a general "start again" approach and recently, when I replaced the phone I was using (for other reasons) with a new device, I was hoping it would work, but no such luck. (What hasn't changed is the Outlook app's battery-hungry behaviour - although there is now a bigger battery for it to eat).

There seem to be some other topics about this issue from 2018, for example https://www.aqua-mail.com/forum/index.php?topic=5771.0, but it seems like at that time this method of authentication was unsupported, but has since been added as a feature and should be expected to work.

It's fashionable to mention on these posts that I am a user of the paid version, for whatever that's worth.

[bonhomme]

Replying to my own post (sorry!)

I have traced this to v1.37's update of the authentication method referred to here https://www.aqua-mail.com/forum/index.php?topic=8450.15, which looks like it was not properly tested with InTune.

After downgrading to 1.36 per instructions in one of the responses to that thread, I can "Log in with InTune" again.

V

[mraninsufidluk]

This just failed for me on 12-Oct-2022. Same behavior/issues as above. I am using 1.39.0-203. IT told me to delete the account. Reinstalling it fails, I keep getting asked to install Intune but it is already installed and verified compliant. Then IT told me to switch to Outlook.