Question Company Portal (InTune) detects root - anyone else?

Search This thread

p4ra

Senior Member
Oct 23, 2012
91
37
www.google.com
I have zero interest in rooting my phone, but because 5G/VoLTE/VoWiFi are not supported in my country (Slovakia) I had to root it. After successful root, passing SafetyNet and pretty much make everything to work as expected, my Company Portal is detecting root when running Teams and Outlook provisioned by my Company Portal despite having them in DenyList. Is there anyone who managed to pass this?

Thank you.
 

p4ra

Senior Member
Oct 23, 2012
91
37
www.google.com
@chaos193, did you use Riru along?

Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?

Can you list them one by one, please?
 

p4ra

Senior Member
Oct 23, 2012
91
37
www.google.com
I have tried your suggestions, but still does not seem to work. Adding screenshots.

Can you help me, please? What is wrong with my setup?
 

Attachments

  • Screenshot_20221124-100716.png
    Screenshot_20221124-100716.png
    92.6 KB · Views: 156
  • Screenshot_20221124-100814.png
    Screenshot_20221124-100814.png
    178.4 KB · Views: 150
  • Screenshot_20221124-100712.png
    Screenshot_20221124-100712.png
    109.1 KB · Views: 153
  • Screenshot_20221124-100739.png
    Screenshot_20221124-100739.png
    180.9 KB · Views: 149
  • Screenshot_20221124-100759.png
    Screenshot_20221124-100759.png
    147.5 KB · Views: 154

Blaze1001

New member
Feb 2, 2014
1
0
Following steps work 100% - I had the same issue.

1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
 

binoysankar

Senior Member
Aug 19, 2016
343
132
Bangalore
I had issue with a specific banking app which detects root by most of the methods. I made it working by using shamiko + airfrozen which i was not really liking.
Now i wnded up with a forked project of magisk bu Husky called magisk delta which brought back magisk hide along with zygisk. With this i don't need shamiko, magiskpropshide, airfrozen or any modules for hiding the root from apps. Yes for safetynet you can use the modded veraion by D. Below is the link. If you are interested have a look at Magisk Delta by HuskyDG... I use the magisk delta canary builds...
 

Attachments

  • 1000024125.png
    1000024125.png
    243.6 KB · Views: 95

p4ra

Senior Member
Oct 23, 2012
91
37
www.google.com
I have made it work with first approach. I did a restart of the phone and it worked.

What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.

Is there any other module I am missing for this last piece of puzzle?

And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
 

craigacgomez

Senior Member
Jan 29, 2010
2,182
3,889
Tustin
I have made it work with first approach. I did a restart of the phone and it worked.

What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.

Is there any other module I am missing for this last piece of puzzle?

And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
I'm not quite sure which VoLTE/VoWiFi/5G Magisk module you are referring to, but I believe enabling 5G requires modified mbn files specific to your country/region.

Regarding OTAs, there are two "How To" guides here with all the details you need.
 

znbaboy

Member
Feb 6, 2017
49
11
OnePlus 7 Pro
Following steps work 100% - I had the same issue.

1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app

I have done exactly this but it still detects :(

Oneplus 7 pro
LineageOS 19.1 Nov 27th nightly build
 

craigacgomez

Senior Member
Jan 29, 2010
2,182
3,889
Tustin
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)​
b. Microsoft Authenticator (if you use it)​
c. Microsoft Defender (if you use it)​
5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
 

znbaboy

Member
Feb 6, 2017
49
11
OnePlus 7 Pro
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)​
b. Microsoft Authenticator (if you use it)​
c. Microsoft Defender (if you use it)​
5. Make sure you clear app data for the apps in the deny list after adding them to the deny list

Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...

Still doesn't work. Its weird because it worked for one night and the next morning it stopped.

UPDATE: its LSPosed I think. But this is the only way to force dark mode on some apps....

UPDATE 2: I disabled forced dark mode on all Microsoft apps in LSPosed plugin and its looking good so far...

UPDATE 3: Had a full day with not a single root detection notification. Looks solid!
 
Last edited:

patrickdrd

Senior Member
Mar 24, 2015
745
154
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
one of the worse parts of it, if not the worst, is that nobody knows what it detects and there's no guide that applies to each and every device,
I tried in 3 devices, the exact same steps and files, etc, it worked on the 1st one, but on the other two.. no!
 
  • Like
Reactions: s3axel

s3axel

Senior Member
For all those who still got issues as another idea: Does Google Wallet work ? Is the device play protect certified ?
I ask because to get Wallet to work (and presumably other apps that rely on Safetynet and/or Play Protect certification) the additional step after #5 in the list above is: clear data for Google Play Services and Google Play Store, then reboot (your device will ask for Google backup configuration again).....
 
Last edited:

Top Liked Posts