Meetings by Decisions
⌨️ Supported Deployment Scenarios
-
Not enrolled in any MDM solution (MAM / BYOD)
- These devices are typically employee owned devices that aren't managed or enrolled in Intune or other MDM solutions.
-
Enrolled in Microsoft Intune (MDM)
-
These devices are typically corporate owned.
-
-
Enrolled in a third-party Mobile Device Management (MDM) solution
-
These devices are typically corporate owned.
-
Requirements
- General MS Intune requirements
- Decisions Admin Portal
- Companies who want to utilize Meeting by Decisions with Intune application protection policies needs to Connect Decisions to MS Intune in the Decisions Admin Portal
- Users
- Users needs to have downloaded the MS Company portal or Authenticator app
Custom Apps
To add App Protection Policies to the Meetings by Decisions app, you need to select the app as a Custom app
- iOS BundleID = com.meetingdecisions.decisions
- Android Package ID = com.meetingdecisions.androidapp
Issues
- Approved apps
- Require company portal
🔒 Additional Requirements for Conditional Access Integration
When an organization enforces Conditional Access policies, users may experience login issues unless the Microsoft Intune permissions are properly configured. This section explains why these permissions are necessary and how they affect app behavior.
What is Conditional Access?
Conditional Access is a Microsoft security feature that controls how and when users can access organizational resources based on specific conditions (e.g., user location, device compliance, or application status). When a user attempts to access a resource protected by Conditional Access, the system must verify whether all policy conditions are met.
Role of Microsoft Intune
Microsoft Intune acts as the enforcement layer for Conditional Access in mobile environments. It ensures that devices and apps are compliant with company policies. Specifically, Intune enables:
-
Verification of device compliance status
-
Enforcement of app protection policies (e.g., data loss prevention)
-
Secure access based on Conditional Access evaluations
To facilitate this, apps like Decisions must be granted explicit permissions to interact with Intune.
🔑 Enabling Intune Permissions for the Decisions App
To comply with Conditional Access policies, the Decisions app requires the DeviceManagementManagedApps.ReadWrite permission scope..png?width=670&height=39&name=image%20(4).png){kind=small}
This setting must be granted admin consent by an authorized administrator.
This permission allows the app to:
-
Communicate securely with Microsoft Intune
-
Read and write information about managed applications
-
Apply or respect app protection policies required by your organization
Why It Matters
Without this permission:
-
The Decisions app cannot interact with Intune
-
Users will be unable to sign in, even with valid credentials
-
Conditional Access checks will fail silently or reject access
This is a critical configuration for organizations enforcing MAM (Mobile Application Management) policies via Intune.
📌 Action Required: This permission must be enabled by a Global Administrator in your Azure tenant.
For more technical detail on the permission, refer to Microsoft's official documentation:
👉 DeviceManagementManagedApps.ReadWrite Permission - Microsoft Docs
🛠️ Summary: Ensuring Successful App Enrollment
| Requirement | Who Performs It | Description |
|---|---|---|
| Conditional Access Policies Enabled | IT Admin | Defines security rules for accessing company resources |
| Microsoft Intune Integration | Global Admin | Ensures device and app compliance is checked |
DeviceManagementManagedApps.ReadWrite |
Global Admin | Required for the Decisions app to function under Conditional Access |
| App Downloaded from Managed Store | End User | Must be installed through Company Portal or an MDM-enrolled method |