Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Verify Device ID for Skyhigh Mobile Client on Android

  1. Last updated
  2. Save as PDF

You must configure Microsoft Intune to retrieve the device ID of Android devices for compliance validation. When users sign in on Android Enterprise–managed devices, Microsoft Intune sign in logs may not display the device ID unless the required configuration is in place. As a result, Intune can treat the device as unmanaged and restrict access to applications that require compliant device status.

Strong authentication requires Intune to validate both user credentials and device identity. If the Microsoft Authenticator app is not properly deployed and configured within the Android Enterprise work profile, the device ID is not captured during sign in, which prevents accurate compliance evaluation.

To enable device based access control, deploy and configure the Microsoft Authenticator app in the Android Enterprise work profile, complete user sign in with MFA approval, and verify that Intune registers the device as managed and records the device ID in the sign in logs.

Before You Begin

Make sure you have the following prerequisites in place: 

  • Android devices are enrolled in Microsoft Intune.
  • Admins have access to the Microsoft Intune Admin Center and the Microsoft Authenticator portal.
  • Users have valid work accounts.
  • Microsoft Authenticator is approved in Managed Google Play.

Configure Microsoft Authenticator

Follow these steps to register the Android Device ID and validate the managed status:

  1. Assign Microsoft Authenticator to the Device
  2. Verify Device Enrollment in Company Portal
  3. Configure Account in Microsoft Authenticator
  4. Complete Secure Sign-in
  5. Verify Device ID
Assign Microsoft Authenticator to the Device

This sections explain how to deploy the authentication component required to capture device identity and enforce secure sign-in validation. Microsoft Authenticator is required for multi-factor authentication and device-based identity validation.

  1. Sign in to the Microsoft Intune portal.
  2. Go to Apps > Android > Android apps
  3. Click Create.

    1.png

    Select app type window opens.
     
  4. From the App type dropdown, select Managed Google Play app.

    2026-02-17_12-15-22.png
     
  5. Click Select

    2026-02-17_12-17-50.png
    Managed Google Play window opens. 
     
  6. Search for Microsoft Authenticator.

    2026-02-17_12-18-42.png
     
  7. Click Select to add the Microsoft Authenticator application, and then click APPROVE to approve it. 

    2026-02-17_12-21-01.png
  8. On the Microsoft Intune Admin Center page, go to Apps > Microsoft Authenticator > Properties, then click Add group under the Required section to deploy the app to the required Device Group or User Group. 

    2026-02-17_12-22-55.png

This ensures the app is automatically installed on enrolled Android devices.

Verify Device Enrollment in Company Portal

This section confirms that the Android device is properly enrolled and recognized by Intune.

On the Android device:

  1. Open the Company Portal app.
  2. Verify whether the device status is Managed and signed in with a valid work account.

This confirms the device is properly enrolled in Intune.

Configure Account in Microsoft Authenticator

This section explains how to link the user’s work account to the managed Android device and enables device-based identity validation during authentication.

Open Microsoft Authenticator

Opening the app ensures the Intune-deployed authentication agent is active on the managed device.

  • Launch the Microsoft Authenticator app on the Android device.
    • If the deployment was successful, the app is already installed via Intune.

      2026-02-17_12-29-11.png
       

Set Up the Work Account

Configuring the work account binds the device ID to the user identity for secure sign-in and compliance evaluation.

  1. Select the work account.
  2. Tap Set up 2-step verification.

    2026-02-17_12-31-29.png
     

This links the device to the user identity and prepares it for secure authentication.

Complete Secure Sign-in

This section validates both user credentials and device identity during authentication.

Sign in Using Authenticator

When prompted during authentication, tap Sign in via Microsoft Authenticator.
This triggers an interactive sign-in flow.

2026-02-17_12-33-31.png

Approve the Request

A sign-in approval notification is sent to the device.

Approve the sign-in request by tapping Approve and entering the number displayed on the sign-in screen.  

2026-02-17_13-39-14.png

Verify Device ID 

After successful authentication:

  1. Sign in to the Microsoft Intune portal.
  2. Go to Users > Sign-in logs
  3. Select the relevant user sign-in event.
  4. Under Device info, verify:
    • Device ID displays the unique identifier of the device.
    • Managed displays Yes​​​​​​.

      2026-02-17_13-40-10.png

Microsoft Authenticator now receives and validates the Android device ID during authentication. Device-based Conditional Access policies will correctly identify compliant devices and allow secure application access.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.