• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Microsoft Intune Company Portal

Search This thread

mrhubris

Senior Member
Oct 9, 2009
56
4
Hi

I've search the forums but apart from finding several people with the same issue, i didn't find anything useful.

I'm running LOS14.1 on a OP3 with latest Magisk. Safetynet passes but the MS Intune company portal seems to be detecting that the device is rooted. Turning off root however is not fixing this. Any idea on how it detects this or are there solutions via Magisk for dealing with this (or other solutions off course).

Regards
Mrhubris
 

dizzybrow

New member
May 24, 2017
2
10
Hi

I've search the forums but apart from finding several people with the same issue, i didn't find anything useful.

I'm running LOS14.1 on a OP3 with latest Magisk. Safetynet passes but the MS Intune company portal seems to be detecting that the device is rooted. Turning off root however is not fixing this. Any idea on how it detects this or are there solutions via Magisk for dealing with this (or other solutions off course).

Regards
Mrhubris

I am on stock Lollipop rooted using Magisk 11.6. Outlook wouldn't start for me even though magisk hide was enabled and safetynet passed. I used the Tasker app to get around the root check with the with the following tasks:
Launch App (Outlook)
Run Shell command:
su
chmod 0754 /data/magisk
sleep 25
chmod 0755 /data/magisk

This launches the outlook app and changes the permissions of the magisk folder for 25 seconds so that when it does the root check after I input my pin everything checks out. After 25 seconds it restores the permissions to what they were, and root continues to work. I exported this as an app (long hold on task, click menu in upper right and export as app) and it seems to work like a charm.

I tried changing permissions on the individual files in the /system/data/magisk folder, but that didn't work. changing the permissions on the whole /system/data/magisk directory to 0754 seems to do the trick.

You can also use a root file manager to change the permissions, but you have to be careful because if the file browser loses its root privilege before changing the permissions back, you will lose your root capabilities until rebooting into TWRP recovery to do a chmod 0755 on the magisk folder. It's more inconvenient than having tasker do it, but it works.

Hope this helps somewhat.
 

mrhubris

Senior Member
Oct 9, 2009
56
4
The only issue I'm having is that tasker seems to be a paid app. I'm not willing to pay money if I'm not sure it works.
This is why asked the question. In the other threads I read it was clear that this is not always working so I asked the question in here specifically for magisk.

Regards
Mrhubris
 

Didgeridoohan

Senior Moderator / Dev Committee / Dev Relations
Staff member
May 31, 2012
12,249
1
14,443
Gothenburg
Google Nexus 4
Nexus 6
The only issue I'm having is that tasker seems to be a paid app. I'm not willing to pay money if I'm not sure it works.
This is why asked the question. In the other threads I read it was clear that this is not always working so I asked the question in here specifically for magisk.

Regards
Mrhubris

Tasker is definitely worth it! If you're worried you can try by doing the chmod manually first.
 

Deic

Senior Member
Feb 4, 2012
540
983
Madrid
www.xiaomiadictos.com
I am on stock Lollipop rooted using Magisk 11.6. Outlook wouldn't start for me even though magisk hide was enabled and safetynet passed. I used the Tasker app to get around the root check with the with the following tasks:
Launch App (Outlook)
Run Shell command:
su
chmod 0754 /data/magisk
sleep 25
chmod 0755 /data/magisk

This launches the outlook app and changes the permissions of the magisk folder for 25 seconds so that when it does the root check after I input my pin everything checks out. After 25 seconds it restores the permissions to what they were, and root continues to work. I exported this as an app (long hold on task, click menu in upper right and export as app) and it seems to work like a charm.

I tried changing permissions on the individual files in the /system/data/magisk folder, but that didn't work. changing the permissions on the whole /system/data/magisk directory to 0754 seems to do the trick.

You can also use a root file manager to change the permissions, but you have to be careful because if the file browser loses its root privilege before changing the permissions back, you will lose your root capabilities until rebooting into TWRP recovery to do a chmod 0755 on the magisk folder. It's more inconvenient than having tasker do it, but it works.

Hope this helps somewhat.

I can use Outlook app without Magisk Hide, I don't understand why you need do that.
 
  • Like
Reactions: Didgeridoohan

mrhubris

Senior Member
Oct 9, 2009
56
4
Time for another update.
The problem is not necessarly the oulook app. It's the Intune Company Portal that's closing everything up. Is there a way around this?

From my experience it even trips on unsigned custom roms. Currently Paranoid Android is the only one not giving me problems.

as far as i can tell it detects:
- signed / Un-signed
- root (the binaries itself). Disabling root results in the exact same error notification
 

candiesdoodle

Senior Member
Jan 24, 2012
843
280
New Delhi
If magisk.hide is enabled for the app, there is no way it will detect the root binaries.
Detection could be due to the build props .. ones such as
ro.build.tags=release-keys
ro.build.type=user

Have you tried setting the above build.prop properties to the value mentioned above. These are not set like this for custom roms.
You may try the attached magisk module to set these.
 

Attachments

  • Release_Keys_Enabler.zip
    8.7 KB · Views: 401

mrhubris

Senior Member
Oct 9, 2009
56
4
Changing these build props is not working.
Root beer sample is still detecting dangerous props and safetynet is also triggering.
 

mrhubris

Senior Member
Oct 9, 2009
56
4
Then you have some other issue. Both, root bear and safteynet should pass easily with magisk on custom roms.
Intune is just detecting specific aspects and the company i work for says that in those cases no configuration (of email for example) is allowed to happen.

But i've got no clue as to what it is detecting.

If i run Paranoid Android as a ROM it is possible. If i switch to LineageOS or Resurrection it's not.

Somehow the setup of these ROM's differs in a way to MS Intune trips or not. Is it possible to figure this out in some way?
 

[email protected]

Senior Member
Jan 15, 2009
2,469
554
Stockholm
I having same problems too but with onedrive, atm at work we are testing intune and now it would not let me use onedrive as the intune app detects root...
 

mbush78

Senior Member
Dec 30, 2009
223
52
43
Seabrook, TX
MatrixInc.me
For me, It's detecting something in sbin even though magisk unmounts it. If I remove read or execute permissions from sbin then Company Portal and all associated apps launch just fine. Of course nothing that needs root works anymore since without those permissions nothing can access su or anything else needed for root.

Sent from my Nexus 6 using Tapatalk
 

tL.Lando

Member
Feb 9, 2017
34
4
Are you using Tasker with the variables provided by dizzybrow? If so, it should work with 11.6 (safetynet still fails).

I am trying to, but I am not all that familiar with Tasker, so apparently I am doing something wrong. I would appreciate any assistance as far as setting it up correctly.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 14
    Udated Microsoft Intune Company Portal app working again!

    No, its not sorterd out. I think you havent got the latest update of the app yet and its a staged rollout.

    This is a new version 5.0.4140.0.

    Sent from my [device_name] using XDA-Developers Legacy app
    OK, my Intune Company Portal app has just been updated to version 5.0.4140.0, and, just like yours, it has started accusing that my phone was rooted. After some investigations, I have found out how to solve it. Here it is:

    Through either a terminal emulator app, or an adb shell command in a command window on your PC (with your phone connected to it, of course), enter these commands:

    Code:
    su
    magiskhide --add com.microsoft.windowsintune.companyportal.omadm_client_process

    Hope it works for you, as well!
    8
    Hi

    I've search the forums but apart from finding several people with the same issue, i didn't find anything useful.

    I'm running LOS14.1 on a OP3 with latest Magisk. Safetynet passes but the MS Intune company portal seems to be detecting that the device is rooted. Turning off root however is not fixing this. Any idea on how it detects this or are there solutions via Magisk for dealing with this (or other solutions off course).

    Regards
    Mrhubris

    I am on stock Lollipop rooted using Magisk 11.6. Outlook wouldn't start for me even though magisk hide was enabled and safetynet passed. I used the Tasker app to get around the root check with the with the following tasks:
    Launch App (Outlook)
    Run Shell command:
    su
    chmod 0754 /data/magisk
    sleep 25
    chmod 0755 /data/magisk

    This launches the outlook app and changes the permissions of the magisk folder for 25 seconds so that when it does the root check after I input my pin everything checks out. After 25 seconds it restores the permissions to what they were, and root continues to work. I exported this as an app (long hold on task, click menu in upper right and export as app) and it seems to work like a charm.

    I tried changing permissions on the individual files in the /system/data/magisk folder, but that didn't work. changing the permissions on the whole /system/data/magisk directory to 0754 seems to do the trick.

    You can also use a root file manager to change the permissions, but you have to be careful because if the file browser loses its root privilege before changing the permissions back, you will lose your root capabilities until rebooting into TWRP recovery to do a chmod 0755 on the magisk folder. It's more inconvenient than having tasker do it, but it works.

    Hope this helps somewhat.
    8
    I've been researching the InTune portal apk and it clearly doesn't use SafetyNet checks, because my device is passing safetynet just fine.

    I believe the culprit is that it's simply checking for the su binary in the $PATH variable, but I'm not 100% sure why suhide isn't blocking it exactly. @topjohnwu do you have any idea why suhide doesn't block this program from seeing the su binary?

    However, just to be verbose, I'll run through all of the smali code from the decompiled apk. All of the root checks seem to be executed in the following package:
    Code:
    com.microsoft.omadm.rootdetection

    Inside it are the following modules:
    Code:
    DeviceRooted.smali
    DeviceRooted_Factory.smali
    FolderPermissionModified.smali
    FolderPermissionModified_Factory.smali
    IRootTest.smali
    RootCloakInstalledRootTest.smali
    RootCloakInstalledRootTest_Factory.smali
    SuExistsRootTest.smali
    SuExistsRootTest_Factory.smali
    SuperUserPackageInstalledRootTest.smali
    SuperUserPackageInstalledRootTest_Factory.smali
    UsingTestKeysRootTest.smali
    UsingTestKeysRootTest_Factory.smali

    It seems to be doing the following checks:
    Code:
    .field public static final MODIFIED_DIRECTORY_PERM_BIT:I = 0x10
    .field public static final ROOT_CLOAK_INSTALLED_BIT:I = 0x20
    .field public static final SUPERUSER_EXISTS_BIT:I = 0x2
    .field public static final SU_BINARY_BIT:I = 0x1
    .field public static final TEST_KEY_BUILD_BIT:I = 0x8
    .field public static final XPOSED_CLASS_FOUND_BIT:I = 0x40

    MODIFIED_DIRECTORY_PERM_BIT
    First, it looks like it's checking the permissions of /data. Looks like it's checking for rwxrwx--x (actually just checking to make sure last set of permissions are --x (or 1).
    Code:
        const-string v0, "data"
    
        const-string v1, ".*d[r-][w-][x-][r-][w-][x-]--[x-].*"

    I checked my phone and it should pass this test:
    Code:
    drwxrwx--x  40 system system   4096 2017-11-08 15:22 data

    Next, it checks the permissions of /system. It's basically making sure group/global don't have write permissions (so something like 755).
    Code:
        const-string/jumbo v0, "system"
    
        const-string v1, ".*d[r-][w-][x-][r-]-[x-][r-]-[x-].*"

    My phone seems to pass this test:
    Code:
    drwxr-xr-x  14 root   root     4096 2009-01-01 00:00 system

    ROOT_CLOAK_INSTALLED_BIT
    Here it appears to be checking for xposed bridge. In RootCloakInstalledRootTest.smali. Note, that the name of the constant seems wrong, and this appears to be checking for XPOSED_CLASS_FOUND_BIT instead. In any case....
    Code:
    .field protected static final XPOSED_BRIGE_CLASS:Ljava/lang/String; = "de.robv.android.xposed.XposedBridge"
    .field protected static final XPOSED_METHOD_REPLACEMENT_CLASS:Ljava/lang/String; = "de.robv.android.xposed.XC_MethodReplacement"

    It's looking for those package names. I never installed Xposed for my device, so those should definitely not be there....

    SUPERUSER_EXISTS_BIT
    This tests for a few different SuperUser packages as being installed. From SuperUserPackageInstalledRootTest.smali:
    Code:
    .field private static final SUPERUSER_PACKAGE_FILENAME:Ljava/lang/String; = "Superuser.apk"
    .field private static final SYSTEM_APP_DIRECTORY:Ljava/lang/String; = "/system/app"
    
        new-array v0, v0, [Ljava/lang/String;
        const/4 v1, 0x0
        const-string v2, "eu.chainfire.supersu"
        aput-object v2, v0, v1
        const/4 v1, 0x1
        const-string v2, "com.noshufou.android.su"
        aput-object v2, v0, v1
        const/4 v1, 0x2
        const-string v2, "com.koushikdutta.superuser"

    None of these are installed on my phone. The following grep statement returns nothing
    Code:
    1|taimen:/system/app $ find . | grep su

    SU_BINARY_BIT
    From SuExistsRootTest.smali, we see the following. This looks to check the $PATH variable to see if "su" is in your path. Looking further into the PathSearchUtil code, it also hardcodes /system/bin and /system/xbin even if they're not in your path. However, that does not matter in the case of magisk.
    Code:
    .field private static final SU_BINARY_FILENAME:Ljava/lang/String; = "su"
        const-string/jumbo v0, "su"
    
        invoke-static {v0}, Lcom/microsoft/omadm/utils/PathSearchUtil;->fileExistsInPath(Ljava/lang/String;)Z

    Testing on my phone, we can see that it does immediately detect the su binary (even ran as a normal user, not root). I tried hiding root from com.android.shell but this does not work.
    Code:
    taimen:/ $ whoami
    shell
    taimen:/ $ echo $PATH
    /sbin:/system/sbin:/system/bin:/system/xbin:/vendor/bin:/vendor/xbin
    taimen:/ $ which su
    /sbin/su

    TEST_KEY_BUILD_BIT
    From UsingTestKeysRootTest.smali, we can see the following:
    Code:
        .param p1, "buildTags"    # Ljava/lang/String;
        const-string/jumbo v0, "test-keys"
        invoke-virtual {p1, v0}, Ljava/lang/String;->contains(Ljava/lang/CharSequence;)Z

    So it looks like it's looking test-keys in the build.prop entry. Checking my phone, this is not the case:
    Code:
    taimen:/ $ getprop | grep build.tags
    [ro.build.tags]: [release-keys]

    XPOSED_CLASS_FOUND_BIT
    Finally, in RootCloakInstalledRootTest.smali, we see the following code. (Note, this is likely swapped with the ROOT_CLOAK_INSTALLED_BIT static values, but it doesn't matter. If any of the checks return non 0, the device will be considered rooted).
    Code:
        new-array v0, v0, [Ljava/lang/String;
        const/4 v1, 0x0
        const-string v2, "devadvance"
        aput-object v2, v0, v1
        const/4 v1, 0x1
        const-string/jumbo v2, "rootcloak"
    Note, since this seems to be a weird one, here is the full contents of RootCloakInstalledRootTest.smali:

    Code:
    .class public Lcom/microsoft/omadm/rootdetection/RootCloakInstalledRootTest;
    .super Ljava/lang/Object;
    .source "RootCloakInstalledRootTest.java"
    
    # interfaces
    .implements Lcom/microsoft/omadm/rootdetection/IRootTest;
    
    
    # static fields
    .field private static final ROOT_CLOAK_PACKAGE_SIGNATURES:[Ljava/lang/String;
    
    .field protected static final XPOSED_BRIGE_CLASS:Ljava/lang/String; = "de.robv.android.xposed.XposedBridge"
    
    .field protected static final XPOSED_METHOD_REPLACEMENT_CLASS:Ljava/lang/String; = "de.robv.android.xposed.XC_MethodReplacement"
    
    
    # direct methods
    .method static constructor <clinit>()V
        .locals 3
    
        .prologue
        .line 20
        const/4 v0, 0x2
    
        new-array v0, v0, [Ljava/lang/String;
    
        const/4 v1, 0x0
    
        const-string v2, "devadvance"
    
        aput-object v2, v0, v1
    
        const/4 v1, 0x1
    
        const-string/jumbo v2, "rootcloak"
    
        aput-object v2, v0, v1
    
        sput-object v0, Lcom/microsoft/omadm/rootdetection/RootCloakInstalledRootTest;->ROOT_CLOAK_PACKAGE_SIGNATURES:[Ljava/lang/String;
    
        return-void
    .end method
    
    .method public constructor <init>()V
        .locals 0
    
        .prologue
        .line 29
        invoke-direct {p0}, Ljava/lang/Object;-><init>()V
    
        .line 30
        return-void
    .end method
    
    .method private checkClassForName(Ljava/lang/String;)I
        .locals 6
        .param p1, "className"    # Ljava/lang/String;
    
        .prologue
        const/4 v3, 0x0
    
        .line 46
        const/4 v2, 0x0
    
        .line 48
        .local v2, "xposedClass":Ljava/lang/Class;, "Ljava/lang/Class<*>;"
        const/4 v4, 0x0
    
        :try_start_0
        invoke-virtual {p0}, Ljava/lang/Object;->getClass()Ljava/lang/Class;
    
        move-result-object v5
    
        invoke-virtual {v5}, Ljava/lang/Class;->getClassLoader()Ljava/lang/ClassLoader;
    
        move-result-object v5
    
        invoke-static {p1, v4, v5}, Ljava/lang/Class;->forName(Ljava/lang/String;ZLjava/lang/ClassLoader;)Ljava/lang/Class;
        :try_end_0
        .catch Ljava/lang/ClassNotFoundException; {:try_start_0 .. :try_end_0} :catch_0
    
        move-result-object v2
    
        .line 55
        :cond_0
        if-eqz v2, :cond_1
    
        const/16 v3, 0x40
    
        :cond_1
        :goto_0
        return v3
    
        .line 49
        :catch_0
        move-exception v0
    
        .line 50
        .local v0, "e":Ljava/lang/ClassNotFoundException;
        invoke-static {v0}, Lorg/apache/commons/lang3/exception/ExceptionUtils;->getStackTrace(Ljava/lang/Throwable;)Ljava/lang/String;
    
        move-result-object v1
    
        .line 51
        .local v1, "trace":Ljava/lang/String;
        sget-object v4, Lcom/microsoft/omadm/rootdetection/RootCloakInstalledRootTest;->ROOT_CLOAK_PACKAGE_SIGNATURES:[Ljava/lang/String;
    
        invoke-static {v1, v4}, Lorg/apache/commons/lang3/StringUtils;->indexOfAny(Ljava/lang/CharSequence;[Ljava/lang/CharSequence;)I
    
        move-result v4
    
        const/4 v5, -0x1
    
        if-eq v4, v5, :cond_0
    
        .line 52
        const/16 v3, 0x20
    
        goto :goto_0
    .end method
    
    
    # virtual methods
    .method public executeTest()I
        .locals 2
    
        .prologue
        .line 34
        const-string v0, "de.robv.android.xposed.XposedBridge"
    
        invoke-direct {p0, v0}, Lcom/microsoft/omadm/rootdetection/RootCloakInstalledRootTest;->checkClassForName(Ljava/lang/String;)I
    
        move-result v0
    
        const-string v1, "de.robv.android.xposed.XC_MethodReplacement"
    
        invoke-direct {p0, v1}, Lcom/microsoft/omadm/rootdetection/RootCloakInstalledRootTest;->checkClassForName(Ljava/lang/String;)I
    
        move-result v1
    
        or-int/2addr v0, v1
    
        return v0
    .end method
    6
    Block the subprocess fix?

    I may have found a fix using the same solution as the pokemon go guys.

    Adding a series of subprocesses which are loaded during the compliance check to magisk hide seems to do the trick.

    Code:
    magiskhide --add com.microsoft.windowsintune.companyportal:auth
    magiskhide --add com.microsoft.windowsintune.companyportal:omadm_client_process
    magiskhide --add com.microsoft.windowsintune.companyportal:fencing_client_process

    I am now passing the compliance check when run manually through the app. This hasn't been running long enough to make sure background checks are caught, but I'll update if it gets flagged.

    Note that I just blanket blocked everything instead of trying to figure out the exact subprocess or subprocesses that need to be blocked.

    You can see in the logcat below that Magisk pops in as each of the processes are loaded

    Logcat (filtered by string 'company')
    Code:
    marlin:/ $ logcat | grep company
    04-11 10:44:32.464   882  4410 I ActivityManager: Start proc 6343:com.microsoft.windowsintune.companyportal:omadm_client_process/u0a181 for content provider com.microsoft.windowsintune.companyportal/com.microsoft.omadm.apppolicy.AppPolicyContentProvider
    04-11 10:44:32.469   477   638 I Magisk  : proc_monitor: com.microsoft.windowsintune.companyportal:omadm_client_process (PID=6343 ns=mnt:[4026534462])
    04-11 10:44:32.661  6343  6343 I AndroidInsanity: Content provider attached: [com.microsoft.windowsintune.companyportal.powerlift.provider]
    04-11 10:44:32.774  6343  6343 I com.microsoft.omadm: Initializing logging to file pattern: /data/user/0/com.microsoft.windowsintune.companyportal/files/OMADMLog_%g.log
    04-11 10:44:32.812  6343  6343 I DeploymentSettings: Loading settings file from /data/user/0/com.microsoft.windowsintune.companyportal/files/settings.xml failed because it probably wasnt created yet. Loading the settings file from the application binary resources instead.
    04-11 10:44:33.862  6343  6343 I DeploymentSettings: Loading settings file from /data/user/0/com.microsoft.windowsintune.companyportal/files/settings.xml failed because it probably wasnt created yet. Loading the settings file from the application binary resources instead.
    04-11 10:44:34.948  6343  6343 I DeploymentSettings: Loading settings file from /data/user/0/com.microsoft.windowsintune.companyportal/files/settings.xml failed because it probably wasnt created yet. Loading the settings file from the application binary resources instead.
    04-11 10:44:35.307  6300  6300 I MAMComponents: Initializing MAM classes with the MDM package: com.microsoft.windowsintune.companyportal
    04-11 10:44:41.232  6479  6479 I MAMComponents: Initializing MAM classes with the MDM package: com.microsoft.windowsintune.companyportal
    04-11 10:44:43.189  6515  6515 I MAMComponents: Initializing MAM classes with the MDM package: com.microsoft.windowsintune.companyportal
    04-11 10:44:45.210  6563  6563 I MAMComponents: Initializing MAM classes with the MDM package: com.microsoft.windowsintune.companyportal
    04-11 10:44:56.539   882  1238 I ActivityManager: Start proc 6897:com.microsoft.windowsintune.companyportal:fencing_client_process/u0a181 for service com.microsoft.windowsintune.companyportal/com.microsoft.intune.fencing.client.FencingClientService
    04-11 10:44:56.544   477   638 I Magisk  : proc_monitor: com.microsoft.windowsintune.companyportal:fencing_client_process (PID=6897 ns=mnt:[4026534452])
    04-11 10:44:56.826  6897  6897 I DeploymentSettings: Loading settings file from /data/user/0/com.microsoft.windowsintune.companyportal/files/settings.xml failed because it probably wasnt created yet. Loading the settings file from the application binary resources instead.
    04-11 10:45:16.865   882  1238 I ActivityManager: Killing 6897:com.microsoft.windowsintune.companyportal:fencing_client_process/u0a181 (adj 906): empty #17
    04-11 10:45:19.211   882  4410 I ActivityManager: Killing 6343:com.microsoft.windowsintune.companyportal:omadm_client_process/u0a181 (adj 906): empty #17
    04-11 10:46:06.395   882  2355 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.microsoft.windowsintune.companyportal/.views.SplashActivity bnds=[1123,337][1393,686]} from uid 10032
    04-11 10:46:06.440   882  1238 I ActivityManager: Start proc 10154:com.microsoft.windowsintune.companyportal/u0a181 for activity com.microsoft.windowsintune.companyportal/.views.SplashActivity
    04-11 10:46:06.456   477   638 I Magisk  : proc_monitor: com.microsoft.windowsintune.companyportal (PID=10154 ns=mnt:[4026534473])
    04-11 10:46:06.592 10154 10154 I FA      :   adb shell setprop debug.firebase.analytics.app com.microsoft.windowsintune.companyportal
    04-11 10:46:06.622   882   909 I ActivityManager: Start proc 10173:com.microsoft.windowsintune.companyportal:omadm_client_process/u0a181 for content provider com.microsoft.windowsintune.companyportal/com.microsoft.intune.common.settings.PreferencesContentProvider
    04-11 10:46:06.623   477   638 I Magisk  : proc_monitor: com.microsoft.windowsintune.companyportal:omadm_client_process (PID=10173 ns=mnt:[4026534498])
    04-11 10:46:06.697 10173 10173 I AndroidInsanity: Content provider attached: [com.microsoft.windowsintune.companyportal.powerlift.provider]
    04-11 10:46:06.734 10173 10173 I com.microsoft.omadm: Initializing logging to file pattern: /data/user/0/com.microsoft.windowsintune.companyportal/files/OMADMLog_%g.log
    04-11 10:46:06.736 10173 10173 I DeploymentSettings: Loading settings file from /data/user/0/com.microsoft.windowsintune.companyportal/files/settings.xml failed because it probably wasnt created yet. Loading the settings file from the application binary resources instead.
    04-11 10:46:06.954 10173 10173 I DeploymentSettings: Loading settings file from /data/user/0/com.microsoft.windowsintune.companyportal/files/settings.xml failed because it probably wasnt created yet. Loading the settings file from the application binary resources instead.
    04-11 10:46:07.215 10173 10173 I DeploymentSettings: Loading settings file from /data/user/0/com.microsoft.windowsintune.companyportal/files/settings.xml failed because it probably wasnt created yet. Loading the settings file from the application binary resources instead.
    04-11 10:46:07.217 10154 10154 I DeploymentSettings: Loading settings file from /data/user/0/com.microsoft.windowsintune.companyportal/files/settings.xml failed because it probably wasnt created yet. Loading the settings file from the application binary resources instead.
    04-11 10:46:08.012   882   909 I ActivityManager: START u0 {flg=0x10000000 cmp=com.microsoft.windowsintune.companyportal/.views.CompanyAccessNavigatorActivity} from uid 10181
    04-11 10:46:08.065   882  2355 I ActivityManager: START u0 {cmp=com.microsoft.windowsintune.companyportal/.views.AadAuthenticationActivity (has extras)} from uid 10181
    04-11 10:46:08.242   882   941 I ActivityManager: Displayed com.microsoft.windowsintune.companyportal/.views.AadAuthenticationActivity: +153ms (total +1s806ms)
    04-11 10:46:12.467   882   909 I ActivityManager: START u0 {flg=0x10000000 cmp=com.microsoft.windowsintune.companyportal/.views.MainActivity} from uid 10181
    04-11 10:46:12.745   882   941 I ActivityManager: Displayed com.microsoft.windowsintune.companyportal/.views.MainActivity: +250ms
    04-11 10:46:12.870   882   909 I ActivityManager: Start proc 10298:com.microsoft.windowsintune.companyportal:auth/u0a181 for service com.microsoft.windowsintune.companyportal/com.microsoft.workaccount.authenticatorservice.AuthenticatorService
    04-11 10:46:12.873   477   638 I Magisk  : proc_monitor: com.microsoft.windowsintune.companyportal:auth (PID=10298 ns=mnt:[4026534410])
    04-11 10:46:12.932 10298 10298 I DeploymentSettings: Loading settings file from /data/user/0/com.microsoft.windowsintune.companyportal/files/settings.xml failed because it probably wasnt created yet. Loading the settings file from the application binary resources instead.
    04-11 10:46:37.751   882  1516 I ActivityManager: START u0 {cmp=com.microsoft.windowsintune.companyportal/.views.DeviceDetailsActivity (has extras)} from uid 10181
    04-11 10:46:37.886   882   941 I ActivityManager: Displayed com.microsoft.windowsintune.companyportal/.views.DeviceDetailsActivity: +117ms (total +15s205ms)
    04-11 10:46:40.762   882  1516 W ActivityManager: Unable to start service Intent { act=com.google.firebase.MESSAGING_EVENT pkg=com.microsoft.windowsintune.companyportal } U=0: not found
    04-11 10:47:10.171 10714 10714 I MAMComponents: Initializing MAM classes with the MDM package: com.microsoft.windowsintune.companyportal
    04-11 10:47:11.257 10752 10752 I MAMComponents: Initializing MAM classes with the MDM package: com.microsoft.windowsintune.companyportal
    04-11 10:47:12.375 10787 10787 I MAMComponents: Initializing MAM classes with the MDM package: com.microsoft.windowsintune.companyportal
    5
    Also tasker n00b here...can you elaborate on how to set the above script?

    I've renamed su with root file explorer and confirm Intune check works but I don't think it's the good way to do it...

    Thx
    Use this XML to import the tasks. Then create widgets to call these tasks

    Ofcourse it's not the right way to do it. You are essentially denying root to any app that may require it. But then you can restore it back whenever you want to use use root.

    Remember that with Magisk, the actual root (su) binary is /root/magisk itself ... And /sbin/su is only a link to that main binary.