
Intune Company Portal - Device Compliance Check and Browser Requirements


8.0 - Updated on 2024-09-11 by Ikenna Mbuko

7.0 - Updated on 2024-04-03 by Steve Ferguson

6.0 - Updated on 2023-05-08 by Erin Siksay

5.0 - Updated on 2023-05-08 by Mark Fleming

4.0 - Updated on 2022-05-17 by Mark Fleming

3.0 - Updated on 2022-02-02 by Lauren MacLean

2.0 - Updated on 2022-02-02 by Erin Siksay

1.0 - Authored on 2022-02-02 by Sarah O'Reilly


Introduction

To log in to a Queen’s application that is protected by device compliance (such as PeopleSoft Finance and MyHR), you may need to take steps to allow your browser to pass your device compliance data to the system.

If your device is compliant with the Silver Health Standard, but your browser is not configured properly (or is not supported), you will see an error message similar to the one shown below. Note that the Device Identifier shows “Not available” and the Device state is “Unregistered”.

Screen capture of sign-in message when unsuccessful

InPrivate, Incognito, or Private Browsing Will Fail

Because data on the health of your system needs to be passed through the browser to the login system, InPrivate, Incognito, or Private Browsing may not work on any of the supported browsers (i.e. Edge, Firefox, Safari, or Chrome) to access protected systems. We strongly recommend that you do not use private browsing when accessing applications protected by device compliance.

Supported Browsers by Operating System

Visit Microsoft’s Supported Browsers Page for the most robust reference.

| Operating System | Browsers |
| --- | --- |
| Windows 10+ | Microsoft Edge, Chrome, Firefox 91+ |
| iOS | Microsoft Edge, Safari |
| Android | Microsoft Edge, Chrome |
| macOS* | Microsoft Edge, Chrome, Safari |
| Linux Desktop | Microsoft Edge |

*Note that on macOS, Firefox is not a supported browser for Microsoft device compliance; however, in testing it has been shown to work.

Browser Compatibility Requirements

Windows 10 and Chrome

For Windows 10 and newer devices, download and install the Microsoft Single Sign On extension from the Chrome web store. This extension is required when a Conditional Access Policy requires device-specific details.

For Queen’s owned and managed devices, this extension has already been enabled. However, it can be disabled manually during the troubleshooting steps for other browser issues.

To verify the extension is available and enabled:

  1. Open Chrome
  2. Copy and paste chrome://extensions/ into the address bar of the browser.
  3. You should see Microsoft Single Sign On in the list of extensions, and it should be enabled. If it is disabled, slide the toggle to enable it. If you do not see the extension, visit the Chrome web store to download Microsoft Single Sign On, and ensure it is enabled.

Windows 10 and Firefox

Firefox on Windows 10 requires the Windows SSO configuration feature to be enabled to work with device compliance. Note that this feature is not available for macOS; Firefox cannot be used to access protected apps at Queen’s on macOS.

To enable or check the status of Windows SSO Configuration:

  1. Open Firefox
  2. At the top right of the browser, click Open Applications Menu (3 horizontal lines)
  3. Click Settings
  4. Select Privacy & Security
  5. Navigate to the Logins and Passwords section
  6. Check the box next to “Allow Windows single sign-on for Microsoft….”

Screen capture of Firefox Windows SSO option in Privacy & Security
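
To check the Firefox setting above across many profiles without opening the browser, the following added example (not part of the original article or any Queen’s tooling) inspects the text of a profile's prefs.js. It assumes the checkbox is stored as the Firefox preference network.http.windows-sso.enabled, which the article does not name; the function names and sample contents are constructed for illustration.

```python
import re

# Firefox stores user-changed preferences in prefs.js as lines of the form
#   user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preference assumed to sit behind the "Allow Windows single sign-on ..."
# checkbox (name comes from Firefox itself, not from this article).
SSO_PREF = "network.http.windows-sso.enabled"
MIN_FIREFOX_MAJOR = 91  # "Firefox 91+" in the supported-browsers table


def parse_prefs(text):
    """Return {pref_name: raw_value_string} for every user_pref line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if match:
            prefs[match.group(1)] = match.group(2).strip()
    return prefs


def firefox_sso_findings(prefs_text, firefox_version):
    """List reasons this profile would not pass device compliance data."""
    findings = []
    major = int(firefox_version.split(".")[0])
    if major < MIN_FIREFOX_MAJOR:
        findings.append(f"Firefox {major} is older than {MIN_FIREFOX_MAJOR}")
    # A pref missing from prefs.js is at its default, which is off.
    # An enterprise policy may also set it; this check does not see that.
    if parse_prefs(prefs_text).get(SSO_PREF, "false") != "true":
        findings.append("Windows SSO is not enabled")
    return findings


# Constructed sample prefs.js contents (not taken from a real profile).
SAMPLE_ENABLED = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("network.http.windows-sso.enabled", true);
'''
SAMPLE_DEFAULT = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
'''

if __name__ == "__main__":
    for name, text, ver in [("enabled", SAMPLE_ENABLED, "115.4.0"),
                            ("default", SAMPLE_DEFAULT, "90.0.2")]:
        print(name, firefox_sso_findings(text, ver) or "OK")
```
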

Windows 10 and Microsoft Edge

Microsoft Edge works seamlessly with Device Compliance. If you are seeing issues, ensure you are logged into Microsoft Edge with your Queen’s account and not a Guest Account.

If you are on a personal device, you may be signed into Edge with a personal Microsoft Account. Review this article: Using Multiple profiles at work and at home with a Microsoft Edge

Screen capture of Microsoft Edge profile menu

macOS and Allowing Certificates

During sign-in, you may be prompted to accept a client certificate from "device.login.microsoftonline.com" issued by MS-Organization-Access.

Chrome

  1. When prompted, verify that the issuer is MS-Organization-Access, then click OK.
    Screen capture of previous step

  2. Google Chrome will then prompt for access to the key "Microsoft Workplace Join Key" in your keychain. After entering your Mac login password, select Always Allow. If you choose Allow, you will need to accept the certificate each time you access an application protected by device compliance.
    Screen capture of previous step

Safari

  1. When prompted, verify that the issuer is MS-Organization-Access, then click Continue.
    Screen capture of previous step

  2. Safari will then prompt for access to the key "Microsoft Workplace Join Key" in your keychain. After entering your Mac login password, select Always Allow. If you choose Allow, you will need to accept the certificate each time you access an application protected by device compliance.
    Screen capture of previous step

macOS and Safari Preferences

For Safari to work with Device Compliance, you will need to ensure that the Hide IP address setting is not enabled.

To check and, if needed, disable the Hide IP address setting:

  1. Open Safari
  2. Select Safari from the menu bar > Preferences, then click Privacy.
  3. Clear the checkbox for Hide IP address from trackers if it is checked.
    Screen capture of previous step