Question

Microsoft Company Portal on Windows will not sync.

  • June 25, 2024
  • 7 replies
  • 3895 views

If the Netskope client is enabled, I cannot sync the Company Portal app (Microsoft Intune); it just fails. Disable the NS client and it works just fine. All the default pinned apps for Microsoft Intune are enabled and assigned to the steering config my client is assigned. A packet capture shows that it is still trying to use the NS cert, which I thought would be bypassed by the certificate exception.


  • New Member III
  • 3 replies
  • July 1, 2024

We see the same thing here. Did you solve this issue?


  • Author
  • New Member
  • 6 replies
  • July 1, 2024

Yes.  I got this from support.

Could you please add the following process separated by commas in the cert-pin app definition:

---For Windows: intunewindowsagent.exe, companyportal.exe, omadmclient.exe, microsoft.management.servicesintunewindowsagent.exe, agentexecutor.exe, deviceenroller.exe
---For Mac: company portal, mdmclient, wdavdaemon_enterprise

  • New Member III
  • 3 replies
  • July 1, 2024

This is already what is present in the Netskope default Microsoft Intune certificate pinned app so this shouldn’t fix the issue.


  • Netskope Employee
  • 277 replies
  • July 2, 2024

@barrycuda72

I have seen cases where you must also bypass manage.microsoft.com and dm.microsoft.com from SSL inspection or steering. Microsoft does not support SSL interception on these endpoints. I believe there are subdomains in these as well, so I’d test with *.manage.microsoft.com and *.dm.microsoft.com. I believe there are already discussions around adding these to the default SSL and steering bypasses in Netskope, but I’d need to confirm internally.


  • New Member III
  • 3 replies
  • July 3, 2024

We had already tested with manage.microsoft.com because those subdomains always appear in the logs in case of Intune synchronization, but it seems that it was not sufficient.

I hadn’t noticed dm.microsoft.com.

Looking at our logs I see only checkin.dm.microsoft.com.

We will try with manage.microsoft.com and checkin.dm.microsoft.com to see if it is sufficient.

Regards


  • Netskope Employee
  • 277 replies
  • July 3, 2024

@mbouillaguet please ensure you’ve bypassed the subdomains for manage.microsoft.com and dm.microsoft.com.  I have seen in client logs in the past that the company portal process uses r.manage.microsoft.com in some cases as well.


  • New Member III
  • 2 replies
  • August 8, 2024

Confirmed fix.

Netskope Settings > Security Cloud Platform > App Definition > Certificate Pinned Apps

Find ‘Microsoft Intune’ click … [Steering Config Exceptions]

Edit ‘Action’ for your steering configuration

Add (manage.microsoft.com, dm.microsoft.com) to ‘Custom App Domains’

Save.

Open Windows Settings > Accounts > Access Work or School

Click on your domain > Click Info

Scroll down > Click ‘Sync’
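
To confirm a bypass like the one discussed in this thread is taking effect, you can look at which CA issued the certificate the endpoint presents, the same thing the original packet capture showed. The following PowerShell script is an added example, not part of the thread or any Netskope tooling; the hostnames come from the replies above, and the issuer pattern `netskope|goskope` is an assumption that should be replaced with the name of your tenant's Netskope CA.

```powershell
# Added example: report the issuer of the TLS certificate seen for each Intune endpoint.
param(
    # Hostnames mentioned in the thread.
    [string[]]$HostNames = @('checkin.dm.microsoft.com', 'r.manage.microsoft.com'),
    # Assumption: regex matching your tenant's Netskope CA name; adjust for your tenant.
    [string]$InterceptIssuerPattern = 'netskope|goskope'
)

function Get-TlsIssuer {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any chain: the goal is to read the certificate, not to trust it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $c, $ch, $e) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            [pscustomobject]@{ Host = $HostName; Subject = $cert.Subject; Issuer = $cert.Issuer; Error = $null }
        } finally {
            $ssl.Dispose()
        }
    } catch {
        # DNS failure, blocked connection, or handshake error: report it instead of stopping.
        [pscustomobject]@{ Host = $HostName; Subject = $null; Issuer = $null; Error = $_.Exception.Message }
    } finally {
        $tcp.Close()
    }
}

foreach ($name in $HostNames) {
    $r = Get-TlsIssuer -HostName $name
    if ($r.Error) {
        $verdict = 'connect/handshake failed'
    } elseif ($r.Issuer -match $InterceptIssuerPattern) {
        $verdict = 'issuer matches proxy CA: traffic is still being decrypted'
    } else {
        $verdict = 'issuer does not match proxy CA: bypass appears effective'
    }
    $r | Add-Member -NotePropertyName Verdict -NotePropertyValue $verdict -PassThru
}
```

Run it once with the Netskope client enabled and compare the issuers before and after changing the exception. The check runs as powershell.exe rather than as one of the Intune processes listed earlier in the thread, so its result may not match what those processes see.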