Workaround for MS Intune Company Portal/Outlook with Huawei P40 Pro

Search This thread

lazerbourne

Member
Oct 21, 2010
25
4
Stockholm
Due to my company's policy, we need to register the mobile phones using MS Intune Company Portal and can use only Outlook app for the official mails and calendar. Both these apps can be downloaded via Aurora Store but the registration of the device fails due to the Google Play Protect check during the enrollment of the device. The 2nd step during enrollment fails with an error message regarding the network connection or something similar. After struggling with this for almost a week, I finally found some workarounds. Hope this is useful for someone.

For Mails:
I use Blue Mail for all my other mails and was using this with my official mails (Office 365) as well, till about a year ago when the company admins introduced a strict check of Outlook app with Intune Portal as the only way to receive the official mails. Since then I had been using both the MS apps for my official mails in my previous Samsung phone. But this stopped working after I moved over to Huawei due to the GPP check mentioned above. Here's the workaround for it:
This will work only if you have web access to your official emails i.e. you are able to use the a broswer to check your official emails.
  1. In Blue Mail, add new account (instead of using Office 365, use Exchange).
  2. Enter full email address and password.
  3. Check Automatic.
  4. Uncheck ActiveSync. Click Next.
  5. For the Exchange Server setting, use the exchange server URL being used by your company. Typically, it is the 1st 3 in the url of your web access to the outlook email. In a lot of cases, this would be outlook.office365.com
  6. Security - SSL/TLS.
  7. If you see a dropdown Access Type, select EWS (Exchange Web Services). Do not select Automatic or ActiveSync.
That should work. The office365 outlook emails should be visible in Blue Mail. The calendar is not synced with this workaround. The needs a different route in.

For Calendar:
I use Google Calendar for all my other activities and so I wanted to add my outlook entries to GCal to have them all in one place.
The easiest way is to publish your calendar from Outlook Office 365 and import it as a URL in GCal.
Steps:
  1. Go to the web view of your outlook.
  2. Click on the Settings icon.
  3. Click "View All Outlook Settings".
  4. Go to Calendars->Shared Calendars.
  5. Click on the ICS Link and click "Copy Link".

This can now be imported in the google calendar as a separate new calendar but the issue is that any updates to your outlook calendar are synced 1-2 times a day only. If that is fine go ahead and import it. I wanted the sync to happen every 5-10 min.
For this, you can use the GAS-ICS-Sync script from GitHub (https://github.com/derekantrican/GAS-ICS-Sync)
Follow the installation and run instructions on the site. You can configure how often the calendar should sync etc in the code.gs file.

Hope this helps someone :)
 
  • Like
Reactions: jericho246

avivasaf

Senior Member
Apr 24, 2011
205
16
Due to my company's policy, we need to register the mobile phones using MS Intune Company Portal and can use only Outlook app for the official mails and calendar. Both these apps can be downloaded via Aurora Store but the registration of the device fails due to the Google Play Protect check during the enrollment of the device. The 2nd step during enrollment fails with an error message regarding the network connection or something similar. After struggling with this for almost a week, I finally found some workarounds. Hope this is useful for someone.

For Mails:
I use Blue Mail for all my other mails and was using this with my official mails (Office 365) as well, till about a year ago when the company admins introduced a strict check of Outlook app with Intune Portal as the only way to receive the official mails. Since then I had been using both the MS apps for my official mails in my previous Samsung phone. But this stopped working after I moved over to Huawei due to the GPP check mentioned above. Here's the workaround for it:
This will work only if you have web access to your official emails i.e. you are able to use the a broswer to check your official emails.
In Blue Mail, add new account (instead of using Office 365, use Exchange).
Enter full email address and password.
Check Automatic.
Uncheck ActiveSync. Click Next.
For the Exchange Server setting, use the exchange server URL being used by your company. Typically, it is the 1st 3 in the url of your web access to the outlook email. In a lot of cases, this would be outlook.office365.com
Security - SSL/TLS.
If you see a dropdown Access Type, select EWS (Exchange Web Services). Do not select Automatic or ActiveSync.

That should work. The office365 outlook emails should be visible in Blue Mail. The calendar is not synced with this workaround. The needs a different route in.

For Calendar:
I use Google Calendar for all my other activities and so I wanted to add my outlook entries to GCal to have them all in one place.
The easiest way is to publish your calendar from Outlook Office 365 and import it as a URL in GCal.
Steps:
Go to the web view of your outlook.
Click on the Settings icon.
Click "View All Outlook Settings".
Go to Calendars->Shared Calendars.
Click on the ICS Link and click "Copy Link".


This can now be imported in the google calendar as a separate new calendar but the issue is that any updates to your outlook calendar are synced 1-2 times a day only. If that is fine go ahead and import it. I wanted the sync to happen every 5-10 min.
For this, you can use the GAS-ICS-Sync script from GitHub (https://github.com/derekantrican/GAS-ICS-Sync)
Follow the installation and run instructions on the site. You can configure how often the calendar should sync etc in the code.gs file.

Hope this helps someone :)
I have outlook working great with google account on it, i didnt had any problem to sign in to google account via outlook
 

Ouatedephoque

New member
Aug 25, 2020
2
0
Hi all,
I was using my Huawei P40 lite with my company's Intune app and everything was working perfectly fine.
A few days ago, it seems like Intune underwent a major update, and it now requires Google Mobile Services and Google Play Store to download the apps and securize corporate data. It would also now duplicate all apps on your phone's to create a pro environment separated from the normal private environment. Hence now all apps used for pro and private purpose should be duplicated (pro securized outlook app VS private outlook for private mails / one securized google Play store to download a limited set of certified pro apps VS the complete Google play store for private use.

Since my company is forcing to update to the new Intune, looks like the enrollment will fail in Intune on P40 phone with GMS ban. I get the process started, but it will freeze after a few steps, probably when trying setup the Pro environment and installing the Pro Google Play Store on the phone...

- Do you know if this new version of Intune with Google Play Store to securize the company's apps and data is standard or only tailored for my company ?
- If standard, is there any workaround for phones without GMS, or is Huawei/Microsoft working on an alternative for Huawei's P40s ?

I have not found anything so far and I just dont feel like changing to another phone.
Thanks very much for your time.
Jul
 

lazerbourne

Member
Oct 21, 2010
25
4
Stockholm
Hi all,
I was using my Huawei P40 lite with my company's Intune app and everything was working perfectly fine.
A few days ago, it seems like Intune underwent a major update, and it now requires Google Mobile Services and Google Play Store to download the apps and securize corporate data. It would also now duplicate all apps on your phone's to create a pro environment separated from the normal private environment. Hence now all apps used for pro and private purpose should be duplicated (pro securized outlook app VS private outlook for private mails / one securized google Play store to download a limited set of certified pro apps VS the complete Google play store for private use.

Since my company is forcing to update to the new Intune, looks like the enrollment will fail in Intune on P40 phone with GMS ban. I get the process started, but it will freeze after a few steps, probably when trying setup the Pro environment and installing the Pro Google Play Store on the phone...

- Do you know if this new version of Intune with Google Play Store to securize the company's apps and data is standard or only tailored for my company ?
- If standard, is there any workaround for phones without GMS, or is Huawei/Microsoft working on an alternative for Huawei's P40s ?

I have not found anything so far and I just dont feel like changing to another phone.
Thanks very much for your time.
Jul

I was exactly in your situation and stuck at the same place as you mention, that is why I posted the above workaround. You don't need Intune Portal or Outlook if you follow the steps in my post. The only precondtion being that you have access to your web outlook mails through a browser. For now, this is what is working for me. I'm hoping MS and Huawei will work out a permanent solution soon, but haven't heard anything specific regarding this.
 

xchatter

Senior Member
Jul 11, 2008
432
111
Sofia
My wife's company also uses Intune. She can't complete the setup. :( Somewhere in the last step, the setup freezes on some "getting company resources" or something. She submitted a ticket to their IT department but for now there is zero activity over there. I guess this requirement for the GMS is breaking everything. :/ I will try your suggestion, I hope it works. Thanks for the hints.
 

Ouatedephoque

New member
Aug 25, 2020
2
0
I was exactly in your situation and stuck at the same place as you mention, that is why I posted the above workaround. You don't need Intune Portal or Outlook if you follow the steps in my post. The only precondtion being that you have access to your web outlook mails through a browser. For now, this is what is working for me. I'm hoping MS and Huawei will work out a permanent solution soon, but haven't heard anything specific regarding this.

Thanks Lazerbourne.
I havent tried yet. But i cannot access my company's email login to outlook.com from a non-corporate PC. It says my company does not allow.
I learned a bit more about this issue. Turns out it is not only about having Google Mobile Services on your phone or not. Actually Intune now provides the option to the admins to to block Android enrollments by device manufacturer. My company is British, they apprently blocked Huawei devices in their settings... you got the story... so dumb... Not sure something can be done until politics get back to normal.
 

lazerbourne

Member
Oct 21, 2010
25
4
Stockholm
My wife's company also uses Intune. She can't complete the setup. :( Somewhere in the last step, the setup freezes on some "getting company resources" or something. She submitted a ticket to their IT department but for now there is zero activity over there. I guess this requirement for the GMS is breaking everything. :/ I will try your suggestion, I hope it works. Thanks for the hints.

Most welcome. Hope it worked for your wife. Mine is going good 2 weeks into it.
 

lazerbourne

Member
Oct 21, 2010
25
4
Stockholm
Thanks Lazerbourne.
I havent tried yet. But i cannot access my company's email login to outlook.com from a non-corporate PC. It says my company does not allow.
I learned a bit more about this issue. Turns out it is not only about having Google Mobile Services on your phone or not. Actually Intune now provides the option to the admins to to block Android enrollments by device manufacturer. My company is British, they apprently blocked Huawei devices in their settings... you got the story... so dumb... Not sure something can be done until politics get back to normal.

Exactly!! Mine too had blocked access to Huawei devices in the enrollments that is what was preventing the access. The web access though works from any OS and browser so the above workaround should work for you (presuming the admins have allowed the access to outlook web mail. This too can be blocked in the config settings of the mail server but most companies allow it since it doesn't store anything locally on the phones). Give it a go and see if it works for you.
 

xchatter

Senior Member
Jul 11, 2008
432
111
Sofia
Most welcome. Hope it worked for your wife. Mine is going good 2 weeks into it.

Hi again,
To report back - I was able to set the BlueMail emails using your method. The only thing I was having as a problem was that there were no notifications on new email. I had to switch from "Push" to "fetch on some interval" and the phone started getting the notifications. I excluded the app from all battery things but the "Push" method didn't work. :/ If you have some hints it would be great - I am not sure does this fetch method on 3 mins impact battery so much? If not then let it be. :D
I haven't still tried the solution for the calendar but I have to try it soon.

P.S.
My wife's P40 Pro is HMS+microg setup.

Thanks again for your insights.
 

lazerbourne

Member
Oct 21, 2010
25
4
Stockholm
Hi again,
To report back - I was able to set the BlueMail emails using your method. The only thing I was having as a problem was that there were no notifications on new email. I had to switch from "Push" to "fetch on some interval" and the phone started getting the notifications. I excluded the app from all battery things but the "Push" method didn't work. :/ If you have some hints it would be great - I am not sure does this fetch method on 3 mins impact battery so much? If not then let it be. :D
I haven't still tried the solution for the calendar but I have to try it soon.

P.S.
My wife's P40 Pro is HMS+microg setup.

Thanks again for your insights.

Fantastic!! :good:
I would suggest to leave the Fetch on for a day and see how the battery is impacted. The Fetch normally wakes the app in the background and sends a fetch request to the mail server. Theoretically, it shouldn't be a big battery drain.
For my phone, the push notifications are working fine since I'm using the Freeze GSF method (with GMS) to get the notifications working for all the apps. My config HMS+GMS+Frozen GSF.
I've read about conflict issues if you have microG and GMS together on the same phone, so this method may not work for you.
If in the future, you decide to reset the phone, then give it (HMS+GMS+Frozen GSF) a try. That way, all the apps are updated via Aurora Store+Huawei Store, all the notifications and location services for all the apps are working fine. All Huawei updates and Google Play Services updates too work.
 

schtirtliz

Member
Oct 26, 2020
6
0
Due to my company's policy, we need to register the mobile phones using MS Intune Company Portal and can use only Outlook app for the official mails and calendar. Both these apps can be downloaded via Aurora Store but the registration of the device fails due to the Google Play Protect check during the enrollment of the device. The 2nd step during enrollment fails with an error message regarding the network connection or something similar. After struggling with this for almost a week, I finally found some workarounds. Hope this is useful for someone....
...

Hope this helps someone :)

Tried as per this method. Via EWS the error is "Cannot connect to the server". With ActiveSync it works but downloads just one message saying I must enroll via Portal. .. :(

I have installed Intune Portal. For that, I needed to downgrade my firmware to .131, install googlefier as per the instructions, upgrade the firmware once again to .157, periodically suppressing series of annoying notifications "Your device is not certified for Play Protect, Google services will not run" (despite I have registered my GWS Device ID with this account and disabled all notifications from Play market already!).

Now Google Services work moreless OK (Play Market works, so do all apps, but the annoying messages keep popping up).

But then Intune only able to create work profile, when going to "Activate your profile" step it generates a lot of "Device not certified for Play Protect" and then finally says "Could not connect to the server, network may be down" etc. No certificate is created on server, nothing. After that, Intune disables itself.

UPDATE: Here Microsoft writes something on the matter. I understand the problem is driven by some specific corporate policies configured in a way to rely on GMS (whilst it can potentially be also delivered without them). Will check with admins if this can be amended somehow.
https://docs.microsoft.com/en-us/mem/intune/apps/manage-without-gms
 
Last edited:

lazerbourne

Member
Oct 21, 2010
25
4
Stockholm
@schtirtliz - That is correct. Its due to the reliance on GMS which in some ways is mitigated by using the sideloaded GMS (using Googlify etc.). The main problem is with the Google Play Protect for which there is no workaround yet. Updating the policies on the main server is an option, another could be to ask the admins to enable the web access (EWS). EWS will sooner or later be made obsolete so this workaround may not last too long. Hopefully by then MS would have figured out a way :)
 

schtirlitz

New member
Feb 20, 2019
2
0
@schtirtliz - That is correct. Its due to the reliance on GMS which in some ways is mitigated by using the sideloaded GMS (using Googlify etc.). The main problem is with the Google Play Protect for which there is no workaround yet. Updating the policies on the main server is an option, another could be to ask the admins to enable the web access (EWS). EWS will sooner or later be made obsolete so this workaround may not last too long. Hopefully by then MS would have figured out a way :)

Admins won't change the policy :( I am receiving some reassuring comments on other forums, from people who managed to get it working with some instructions like this
хттпс://youtu.be/HBnst3IgFlA

But nothing worked for me yet...
 

schtirtliz

Member
Oct 26, 2020
6
0
@schtirtliz - That is correct. Its due to the reliance on GMS which in some ways is mitigated by using the sideloaded GMS (using Googlify etc.). The main problem is with the Google Play Protect for which there is no workaround yet.

Update. I have managed to install GMS with another instructions from here https://youtu.be/XvFQkavPZnk

All apps work perfectly now, no errors.

However, Intune still does not work. Once it creates work profile, it clones all Google stuff into it, and immediately new "badged" version of Google Play starts to generate same Play Protect errors and block further progress (unbadged one keeps working well).

Is there any way to sideload and install "GMS fix.apk" under work profile? Maybe via adb etc.? I tried but it says no access to shell... :( how does that cloning process work, why does it clone some unpatched version rather than taking patched one from the system files?

Thanks!
 

terjene

Member
Jul 2, 2008
24
6
I managed to get both email and calendar using "Nine - Email & Calendar" from Play Store. I'm using gsf freeze, and also have Vanced microG installed. Installed GMS this summer, don't use googlify. Only hoping it will last..
Used the settings from first post:
-full email ([email protected], CN = Common Name from AD), not my [email protected]
- Exchange Server instead of Office 365
- SSL/TLS
Did not have a choice to uncheck ActiveSync, so this is checked.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Due to my company's policy, we need to register the mobile phones using MS Intune Company Portal and can use only Outlook app for the official mails and calendar. Both these apps can be downloaded via Aurora Store but the registration of the device fails due to the Google Play Protect check during the enrollment of the device. The 2nd step during enrollment fails with an error message regarding the network connection or something similar. After struggling with this for almost a week, I finally found some workarounds. Hope this is useful for someone.

    For Mails:
    I use Blue Mail for all my other mails and was using this with my official mails (Office 365) as well, till about a year ago when the company admins introduced a strict check of Outlook app with Intune Portal as the only way to receive the official mails. Since then I had been using both the MS apps for my official mails in my previous Samsung phone. But this stopped working after I moved over to Huawei due to the GPP check mentioned above. Here's the workaround for it:
    This will work only if you have web access to your official emails i.e. you are able to use the a broswer to check your official emails.
    1. In Blue Mail, add new account (instead of using Office 365, use Exchange).
    2. Enter full email address and password.
    3. Check Automatic.
    4. Uncheck ActiveSync. Click Next.
    5. For the Exchange Server setting, use the exchange server URL being used by your company. Typically, it is the 1st 3 in the url of your web access to the outlook email. In a lot of cases, this would be outlook.office365.com
    6. Security - SSL/TLS.
    7. If you see a dropdown Access Type, select EWS (Exchange Web Services). Do not select Automatic or ActiveSync.
    That should work. The office365 outlook emails should be visible in Blue Mail. The calendar is not synced with this workaround. The needs a different route in.

    For Calendar:
    I use Google Calendar for all my other activities and so I wanted to add my outlook entries to GCal to have them all in one place.
    The easiest way is to publish your calendar from Outlook Office 365 and import it as a URL in GCal.
    Steps:
    1. Go to the web view of your outlook.
    2. Click on the Settings icon.
    3. Click "View All Outlook Settings".
    4. Go to Calendars->Shared Calendars.
    5. Click on the ICS Link and click "Copy Link".

    This can now be imported in the google calendar as a separate new calendar but the issue is that any updates to your outlook calendar are synced 1-2 times a day only. If that is fine go ahead and import it. I wanted the sync to happen every 5-10 min.
    For this, you can use the GAS-ICS-Sync script from GitHub (https://github.com/derekantrican/GAS-ICS-Sync)
    Follow the installation and run instructions on the site. You can configure how often the calendar should sync etc in the code.gs file.

    Hope this helps someone :)
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone