Product Guides are now available in the beta release of the redesigned, AI-powered docs.box.com. Check out all the details on what's changed.

Box Status
Print

Troubleshooting "Intune Mobile Application Management is required by your Box Administrator."

Troubleshooting

Symptom

When logging into the Box mobile app (Box for EMM, Box for iPhone/iPad, or Box for Android), a user may see the message: "Intune Mobile Application Management is required by your Box Administrator."

2020-12-15_Screenshot_MOBILE-7423.png

 

Root Cause

This message appears when the Box mobile app does not meet the Intune Mobile Application Management (MAM) protection requirement set by your administrator.

When an administrator enables the setting that requires the Box mobile app to be enrolled in Intune MAM protection, users cannot log in on a Box mobile app that is not protected by Intune MAM policies (also known as app protection policies).

 

Environment

This article applies to Box mobile apps where Intune MAM is required. The requirement can be enforced with or without MDM:

Box for EMM (Intune MAM with MDM)

The Intune Enterprise value is set to 1 in the app configuration policy in the Microsoft Intune admin center.

Box for iOS/Android (Intune MAM without MDM)

The Intune Mobile Application Management (Intune MAM) toggle is enabled on the Mobile tab of the Box Admin Console.

Identify which deployment applies before following the troubleshooting steps below. Configuration checks differ between Box for EMM and the standard Box mobile apps.

 

Process for Resolution

  1. Verify Intune MAM Setup:
    • Ensure Intune MAM is correctly set up and applied to the Box mobile app.
    • Check both app configuration policy and app protection policy are configured as per the setup guide.
    • Confirm the policies are assigned to the user.
  2. Check Configuration:
    • Ensure there are no typos or missing key value pairs in the app configuration policy. Refer to the configuration guide.
      • The keys are typically case-sensitive and must perfectly match. Trailing spaces at the end of the key/value can cause issues.

    • Verify that the Microsoft account UPN matches the Box user's login address. This is crucial if userprincipalname is not set in the app configuration policy (Box for EMM), or when users sign in without SSO (Box for iPhone/iPad and Box for Android). 
      Note:

      • Non-SSO sign-in: After Box sign-in, the mobile app uses the Box user's primary login address to enroll the user in Intune MAM. If this address differs from the Microsoft account UPN used during Intune enrollment, the user may complete Box sign-in but remain blocked with the "Intune Mobile Application Management is required" message.

      • SSO sign-in: The Box login service supplies the user's Entra UPN to the mobile app during sign-in via MSAL. The app then enrolls the user in Intune MAM using that Microsoft identity. A separate match between the Box primary login address and the Microsoft UPN is not required for this flow.

  3. Review Policy Status:
  4. Submit a Support Ticket:
    • If the issue persists, submit a ticket to Box Support with the following information:
      • Login address of the affected user
      • Timeframe of failed login
      • Video recording of the login attempt (Steps for iOS: Apple Support)
      • Screenshot of Intune app configuration policy (if using Box for EMM)
      • Screenshot showing the policy status on Microsoft Intune admin center
      • Scope of impact (whether the issue affects a specific user/device or all users/devices)

 

Outcome

  • You should be able to log in to the Box mobile app without encountering the “Intune Mobile Application Management is required” message.
  • The app will be protected by Intune MAM policies as required by the administrator.

Related articles