Conditional Access- and App Protection Policies affect the usage of the ahead application (mobile & browser).
Conditional Access Policies for M365 affect ahead Intranet.
In ahead, we access documents and sites from SharePoint on behalf of the user via Microsoft Graph. The required permissions are requested as soon as the user uses such a feature. Thus, the Conditional Access Policies for M365 also have an impact on ahead.
ahead uses the default browser of the mobile phone for login purposes - therefore App Protection Policies are also affected.
The ahead mobile app uses the default browser for login. Therefore, App Protection Policies defined for the default browser also affect the ahead mobile app.
Unsupported Conditional Access Policy settings for M365 and ahead
Necessary settings for App Protection Policies of the default browser
The configuration of the data protection defines among other things how a protected app is allowed to communicate with other apps. During login, it is necessary that the default browser is allowed to exchange data with the ahead app. Since the ahead app is not protected, the "Send org data to other apps" setting must be set to "All apps". The other option is to set "Policy managed apps" and define an exception for the ahead app under "Select apps to exempt". The ID of the ahead app is com.aheadintranet and must be entered as value.
In addition, the option "All Apps" must be selected for "Receive data from other apps". This is the default.