[MS-1223] Enrolment record repository access prevented in sync info after project ID erased

[alex-vt]

JIRA ticket
Will be released in: 2025.4.0

Root cause analysis (for bugfixes only)

First known affected version: 2025.4.0

• A record counter in sync info pulls data from the enrolment record repository, that in turn needs a non-blank projectID. If a device marked as compromised is automatically logged out, the enrolment record repository no longer has a projectID for the short moment before the logged out state fully propagates to the sync UI, and throws an exception that leads to a crash.

Notable changes

• Enrolment record repository access prevented in sync info after project ID erased

Testing guidance

• Have a device logged in
• Mark the device as compromised
• Refresh config in the Settings
• Navigate to the dashboard and/or to the sync settings
• The device will be logged out automatically, without a crash

Additional work checklist

• Effect on other features and security has been considered
• Design document marked as "In development" (if applicable)
• External (Gitbook) and internal (Confluence) Documentation is up to date (or ticket created)
• Test cases in Testiny are up to date (or ticket created)
• Other teams notified about the changes (if applicable)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[BurningAXE]

Can it also be null in some cases?

[luhmirin-s]

authStore.signedInProjectId returns a non-null string.

[luhmirin-s]

authStore.signedInProjectId returns a non-null string.