Android devices unable to check in with MS Intune

rmarr
Level 1.5: Cupcake

We are using Microsoft Intune MDM to manage over 2000 Android devices and are having difficulty allowing devices to communicate with Intune from within our network. 


We have followed several network requirements docs including the following:


Network endpoints for Microsoft Intune | Microsoft Learn

Android-Enterprise-Migration-Bluebook_2019.pdf (googleusercontent.com)

Android Enterprise Network Requirements - Android Enterprise Help (google.com)


We must have checked and double checked the URLs and ports from these documents a dozen times. We were able to get devices to check in at one point but after a few months they all stopped checking in again. For this reason, we believe that there must be a URL that points to an Endpoint or Endpoints that change periodically. 


If we whitelist the entire *.google.com domain, all devices are able to check in immediately; however, we are unable to do this as it would mean allowing access for every single device that connects to our WiFi. This is due to the fact that non-Windows devices which do not authenticate on the network use the Default User account, which we are having to use to configure access.


If anyone can provide some advice it would be greatly appreciated. 


Thanks.


ReeceK
Google Community Team
Hey @rmarr,

How are you?


I'm sorry to hear you're experiencing this issue.


You mentioned trying several devices—are the results consistent across all of them? Also, have you raised this issue with your MDM provider or opened a ticket with Intune support?


Reece

rmarr
Level 1.5: Cupcake

Hi, thanks for your reply. The results are consistent across all devices; none of them are able to check in with Intune. I have looked at the issue with Microsoft and we have looked at all possible endpoints from their domain, and they all seem to be accessible. We are certain that it is a Google URL that is blocked, as when we whitelist *.google.com the issue is resolved.


We therefore need to find the specific URL that is causing the issue as we cannot just unblock the whole Google domain. 

Michel
Level 2.0: Eclair

Hi


It might be helpful to share what type or brand of devices you are using. For Samsung you have some additional ports that might be needed; not sure about other brands.


rmarr
Level 1.5: Cupcake

Hi Michel, thanks for your reply. 


The majority of devices are Zebra TC21 handsets, although the issue is consistent across multiple manufacturers including Samsung as well. 


The issue seems to resolve if we whitelist *.google.com, so it seems to be a URL from this domain that is causing the problem. What I would like to do is find out what this specific URL is, as we do not want to whitelist the entire domain.
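An added example, not from this thread and not from Microsoft or Google, of how one would narrow this down from the network side rather than by guessing: take the outbound proxy or firewall deny log for the window in which the handsets attempt a check-in, keep only denied destinations under google.com that the current whitelist does not already cover, and rank them by how many distinct devices hit them. A host that almost every handset is denied on during check-in is the candidate to test. The log line format, the hostnames and the whitelist entries below are constructed assumptions for the example; in practice the log format is whatever your proxy or firewall writes and the whitelist is the list of entries taken from the Intune and Android Enterprise requirement documents.

```python
import re
from collections import defaultdict
from fnmatch import fnmatch

# Constructed sample of outbound proxy/firewall log lines (not real traffic).
# Assumed format: "<timestamp> <ALLOW|DENY> <client-ip> <dest-host>:<port>"
SAMPLE_LOG = """\
2024-05-01T09:12:01Z ALLOW 10.20.30.41 mdm.example.com:443
2024-05-01T09:12:02Z DENY 10.20.30.41 svc-a.google.com:443
2024-05-01T09:12:02Z DENY 10.20.30.41 svc-b.google.com:443
2024-05-01T09:12:05Z ALLOW 10.20.30.42 mdm.example.com:443
2024-05-01T09:12:06Z DENY 10.20.30.42 svc-a.google.com:443
2024-05-01T09:12:09Z DENY 10.20.30.43 svc-a.google.com:443
2024-05-01T09:12:10Z DENY 10.20.30.43 ads.example.net:80
2024-05-01T09:12:11Z ALLOW 10.20.30.43 play.googleapis.example:443
"""

# Wildcard whitelist as currently configured (constructed placeholders; replace
# with the entries copied from the vendor requirement documents).
WHITELIST = ["mdm.example.com", "*.googleapis.example"]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<client>\S+)\s+"
    r"(?P<host>[^:\s]+):(?P<port>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the assumed format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_whitelisted(host, whitelist):
    # fnmatch gives shell-style wildcards, so "*.google.com" matches
    # "svc-a.google.com" but not the bare apex "google.com".
    host = host.lower()
    return any(fnmatch(host, pat.lower()) for pat in whitelist)


def _deny_records(log_text, domain_suffix=None):
    """Yield parsed DENY records, optionally restricted to one domain suffix."""
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec or rec["action"] != "DENY":
            continue
        host = rec["host"].lower()
        if domain_suffix and not (host == domain_suffix or host.endswith("." + domain_suffix)):
            continue
        rec["host"] = host
        yield rec


def denied_hosts(log_text, whitelist, domain_suffix=None):
    """Return [(host, deny_count, distinct_clients)] for denied destinations that
    the whitelist does not cover, the most widespread across devices first."""
    counts = defaultdict(int)
    clients = defaultdict(set)
    for rec in _deny_records(log_text, domain_suffix):
        if is_whitelisted(rec["host"], whitelist):
            continue
        counts[rec["host"]] += 1
        clients[rec["host"]].add(rec["client"])
    rows = [(h, counts[h], len(clients[h])) for h in counts]
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))


def denied_despite_whitelist(log_text, whitelist):
    """Hosts that are denied even though a whitelist entry matches them: these point
    at a rule-ordering or port problem rather than a missing whitelist entry."""
    return sorted({rec["host"] for rec in _deny_records(log_text)
                   if is_whitelisted(rec["host"], whitelist)})


if __name__ == "__main__":
    for host, n, devices in denied_hosts(SAMPLE_LOG, WHITELIST, "google.com"):
        print(f"{host:30} denies={n:<4} distinct devices={devices}")
    print("denied despite whitelist:", denied_despite_whitelist(SAMPLE_LOG, WHITELIST))
```

Run it over the real deny log captured while a handful of handsets are forced to check in, with the domain filter set to google.com. The host at the top of the list is the one to whitelist on its own and re-test; if the list is empty but devices still fail, look at the "denied despite whitelist" output, because a matching rule that sits below a broader deny rule, or a whitelist entry for port 443 when the device is using another port, produces exactly the symptom of a correct-looking whitelist that does not work.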

Michel
Level 2.0: Eclair

I would think the same indeed, but to be honest I've never been on a customer's network where we had to whitelist anything around MDM/Android. The URLs you provide should be complete, I assume.


Do you block traffic from inside to the internet as well? In most cases, all traffic is allowed out, but not all is allowed in. Maybe the devices are not able to report information back. 


Just thinking out loud here 😅