Samsung Android 16 (Fully Managed) — runtime permissions silently desync from Intune DPC grant state, only on some devices. Anyone else seeing this?

Hi!

We manage Samsung devices as Android Enterprise Fully Managed via Microsoft Intune. Camera and microphone permissions are granted through App Configuration (Permission state = Grant). At install time everything works fine.

After a while — no user action, no reinstall, no policy change — the affected app loses access. Settings shows the permission as Denied and locked by admin. Intune still reports it as Grant. So far we've hit this with 3CX and now Microsoft Teams. Pattern seems to be apps with persistent background camera/mic usage.

Workaround that works: re-pushing the App Configuration with any change (a dummy value increment is enough) restores the runtime state. Holds until it breaks again.

What I can't figure out: it only happens on some devices, not all. Same model, same firmware, same app versions. No clean correlation with security patch level, One UI version, or enrollment date so far.

My questions:

• Has anyone else seen this on Samsung Fully Managed under Android 16?
• Any idea what triggers it — app lifecycle event, hibernation, an OTA, a specific Knox policy?
• Anyone got a reproducible repro, or had real traction with Microsoft / Samsung / Google support?

Thanks!