Share via

Entra-enabled app crashing in Intune Work Profile but not in Private Profile

Rogel Arnel Lusares 0 Reputation points
2025-03-12T05:34:28.94+00:00

A customer is experiencing an issue with an Entra-enabled iOS app in MDM using Microsoft Intune. The app crashes immediately upon initiating the Entra login when using a Work Profile. In contrast, it works fine with a Private Profile.

Another customer using a different MDM (Oracle Identity Manager) resolved a similar issue by setting the SSO key "disable_explicit_app_prompt" to zero instead of one. However, this workaround did not resolve the crash for the customer using MS Intune, as "disable_explicit_app_prompt" cannot be set to zero and defaults to "not configured."

According to the online documentation, when "disable_explicit_app_prompt" is not configured, its default value is "1." Can anyone confirm this? Additionally, why might the app only crash on the Work Profile?

Further details include:

  • The app successfully uses Entra login when not managed by MDM.
  • The app utilizes the MSAL library for authentication.
Microsoft Intune iOS
Microsoft Intune iOS
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.iOS: An Apple mobile operating system.
260 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 52,741 Reputation points Microsoft External Staff
    2025-03-13T01:20:39.42+00:00

    @Rogel Arnel Lusares. Thanks for posting in Q&A. Yes, your understanding is correct. The value of disable_explicit_app_prompt is set to 1 by default

    https://learn.microsoft.com/en-us/entra/identity-platform/apple-sso-plugin#apps-that-dont-use-a-microsoft-authentication-library

    You find other MDMs have the same issue and is fixed by setting it with value 0. I find Device features. policy can set the value on the app. You can try to set it. Here is a link with detailed steps:

    https://learn.microsoft.com/en-us/mem/intune-service/configuration/use-enterprise-sso-plug-in-ios-ipados-with-intune?tabs=prereq-intune%2Ccreate-profile-intune#create-a-single-sign-on-app-extension-configuration-policy

    However, if the issue still persists, you can try the following steps to troubleshoot:

    • Check MDM Policies: Review the MDM policies applied to the Work Profile and compare them with the Private Profile. Look for any differences that might affect the app's behavior.
    • Update MSAL Library: Ensure that the app is using the latest version of the MSAL library,
    • Log Analysis: Check the app's crash logs to identify any specific errors or exceptions that occur when the app crashes. This can provide more insight into what might be causing the issue.

    Please try the above suggestion and if there's any update, feel free to let us know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.