Question Company Portal (InTune) detects root - anyone else?

Search This thread

p4ra

Senior Member
I have zero interest in rooting my phone, but because 5G/VoLTE/VoWiFi are not supported in my country (Slovakia) I had to root it. After successful root, passing SafetyNet and pretty much make everything to work as expected, my Company Portal is detecting root when running Teams and Outlook provisioned by my Company Portal despite having them in DenyList. Is there anyone who managed to pass this?

Thank you.
 

p4ra

Senior Member
I have tried your suggestions, but still does not seem to work. Adding screenshots.

Can you help me, please? What is wrong with my setup?
 

Attachments

  • Screenshot_20221124-100716.png
    Screenshot_20221124-100716.png
    92.6 KB · Views: 469
  • Screenshot_20221124-100814.png
    Screenshot_20221124-100814.png
    178.4 KB · Views: 490
  • Screenshot_20221124-100712.png
    Screenshot_20221124-100712.png
    109.1 KB · Views: 473
  • Screenshot_20221124-100739.png
    Screenshot_20221124-100739.png
    180.9 KB · Views: 459
  • Screenshot_20221124-100759.png
    Screenshot_20221124-100759.png
    147.5 KB · Views: 459

Blaze1001

New member
Feb 2, 2014
1
1
Following steps work 100% - I had the same issue.

1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
 
  • Like
Reactions: Jonaathaan19

binoysankar

Senior Member
Aug 19, 2016
365
140
Bangalore
I had issue with a specific banking app which detects root by most of the methods. I made it working by using shamiko + airfrozen which i was not really liking.
Now i wnded up with a forked project of magisk bu Husky called magisk delta which brought back magisk hide along with zygisk. With this i don't need shamiko, magiskpropshide, airfrozen or any modules for hiding the root from apps. Yes for safetynet you can use the modded veraion by D. Below is the link. If you are interested have a look at Magisk Delta by HuskyDG... I use the magisk delta canary builds...
 

Attachments

  • 1000024125.png
    1000024125.png
    243.6 KB · Views: 260

p4ra

Senior Member
I have made it work with first approach. I did a restart of the phone and it worked.

What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.

Is there any other module I am missing for this last piece of puzzle?

And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
 

craigacgomez

Senior Member
Jan 29, 2010
2,215
3,924
Tustin
I have made it work with first approach. I did a restart of the phone and it worked.

What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.

Is there any other module I am missing for this last piece of puzzle?

And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
I'm not quite sure which VoLTE/VoWiFi/5G Magisk module you are referring to, but I believe enabling 5G requires modified mbn files specific to your country/region.

Regarding OTAs, there are two "How To" guides here with all the details you need.
 

znbaboy

Senior Member
Feb 6, 2017
90
27
OnePlus 7 Pro
Following steps work 100% - I had the same issue.

1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app

I have done exactly this but it still detects :(

Oneplus 7 pro
LineageOS 19.1 Nov 27th nightly build
 

craigacgomez

Senior Member
Jan 29, 2010
2,215
3,924
Tustin
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)​
b. Microsoft Authenticator (if you use it)​
c. Microsoft Defender (if you use it)​
5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
 

s3axel

Senior Member
Mar 4, 2013
806
524
Samsung Galaxy S23 Ultra
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
 

znbaboy

Senior Member
Feb 6, 2017
90
27
OnePlus 7 Pro
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)​
b. Microsoft Authenticator (if you use it)​
c. Microsoft Defender (if you use it)​
5. Make sure you clear app data for the apps in the deny list after adding them to the deny list

Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...

Still doesn't work. Its weird because it worked for one night and the next morning it stopped.

UPDATE: its LSPosed I think. But this is the only way to force dark mode on some apps....

UPDATE 2: I disabled forced dark mode on all Microsoft apps in LSPosed plugin and its looking good so far...

UPDATE 3: Had a full day with not a single root detection notification. Looks solid!
 
Last edited:

patrickdrd

Senior Member
Mar 24, 2015
759
160
OnePlus Nord CE 5G
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
one of the worse parts of it, if not the worst, is that nobody knows what it detects and there's no guide that applies to each and every device,
I tried in 3 devices, the exact same steps and files, etc, it worked on the 1st one, but on the other two.. no!
 
  • Like
Reactions: s3axel

s3axel

Senior Member
Mar 4, 2013
806
524
Samsung Galaxy S23 Ultra
For all those who still got issues as another idea: Does Google Wallet work ? Is the device play protect certified ?
I ask because to get Wallet to work (and presumably other apps that rely on Safetynet and/or Play Protect certification) the additional step after #5 in the list above is: clear data for Google Play Services and Google Play Store, then reboot (your device will ask for Google backup configuration again).....
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    Either use Shamiko or MagiskHidePropsConf to mask additional properties. I can confirm that InTune Company Portal works fine with SafetyNetFix + Shamiko
    2
    Thank you for your response. I have still this issue. Did you log in with your work email or personal email to the Company Portal? If you can open Outlook, Teams, or Edge with the Company Portal, everything is okay.

    My last attempt was in October, I had installed the latest version of the Company Portal. When I opened Outlook or Teams, it showed me like red "Device is healthy" (in the screenshot). I have tried some ways, but I couldn't solve it. Then, I found the solution in this forum, I downloaded an older version of the Company Portal (2.5.0.5975), and it began to work normally. But I can't open Outlook for a week, it tells me I must update the version of the portal. Therefore, I think that if I update the version of the Company Portal, I can't use it.
    Use files from this link for the following instructions

    So... Try this... You'll need to uninstall magisk, whichever version you are using and flash/install the one provided in the link (Magisk Alpha - not to be confused with an alpha version of the original, this version is a fork of the original). I've had issues with numerous apps detecting root in the past, including Barclays UK banking app, but this fork of Magisk really rocks!
    1. Flash Magisk Alpha provided in link and install the app.
    2. Hide the app itself (I call mine Dunkin Donut, rather than the standard 'settings' - not that that should make a difference).
    3. Enable Zygisk
    4. Flash the two modules also induded in the shared link and reboot between each flash (Shamiko v0.7.5 and Universal SafetyNet Fix v2.4.0-MOD 2.0 - by @Displax)
    5. Configure deny list as per the screen shot attached to include all Google parts [ensuring all corresponding tick boxes are ticked for each app, as per screenshot] along with any other apps you need hidden ie Company Portal, Teams, Outlook etc etc.
    6. Go to settings/apps/all apps (3 dot menu, top right, 'Show system apps' also) and clear cache and data for Google parts (Google Play Protect Services, Google Play Services, Google Play Store and Google Services Framework) along with cache and data for all your required apps (Company Portal, Teams, Outlook and Edge).
    7. Reboot phone
    8. That's it. Now try signing in to Comp. Portal, Outlook etc and, fingers crossed, it will all work fine. Good luck.

    IF that doesn't work...
    Try uninstalling Comp. Portal, Teams, Outlook, Edge - any of your Microsoft apps.
    Then follow again from step 6 and clear cache/data again (but obviously the Microsoft apps will be missing at this stage).
    Reboot phone
    Re-install your Microsoft apps from newly 'cleaned' Play Store. DON'T open them yet.
    Hide all parts of them in Magisk Hide Deny list.
    Now try signing in and using Comp. Portal etc
    2
    Guys updated hiding patch
    1
    Happened to me as well. I used Shamiko magisk module and it's all good now.
    1
    It is unbelievable. I flashed Magisk Delta V26.4. Systemless hosts, Zygisk, MagiskHide, and Enforce SuList are enabled. The Company Portal with the latest version is working normally!!!
    Glad you got it working in the end. For me, using magisk Delta previously, my main banking app detected root, i find alpha to be more hidden than others. With it my banking app works fine. But either way, glad you got it working (y)