Recent discussions
Disable random mac address during EMM enrollment
My company is trying to provision tablets via headwind MDM. We have no problem on some of our networks, but the location they are being provisioned at at-scale have a strict no-random-mac address rule on their network. Thus far I have been unable to figure out how to create a QR code that will disable random mac address on the SSID of the network the device connects to when enrolling in our MDM. Is there a field I am missing? Surely there must be a way to overcome this.
Android Developer Verification Requirements in AE
taking a page from jasonbayton's LinkedIn post I wanted to post and discuss the announcement from Google yesterday and their upcoming Android developer verification requirements. This is something that fully managed devices with customer supplied applications will run into, and it will cause issues on devices A while ago Google stated that they wouldn't scan customer-sideloaded applications with GPP if they were fully managed. See here: https://www.androidenterprise.community/discussions/conversations/is-there-any-way-to-disable-google-play-protect-gpp-from-an-emm-or-to-otherwise-/2507 Would this requirement fall under the same umbrella?
Intune now showing tenant name on lockscreen
Hi everyone, As of some weeks, Intune started showing the tenant name on the lockscreen. Where it used to say "this device belongs to your organisation" it now says: " This device belongs to company name" . Since this is a big no for most of our customers, I was wondering if other people noticed this as well and maybe even found a solution for it. Microsoft support admitted that they changed this, but they will now help us getting it fixed or even giving us the option to enable or disable this. Showing the company name on a device can make a device more interesting to people who might find a lost or stolen device. Therefore, we never show company names or logo's on the lock screen. And most customers we work with expect that kind of behaviour. We currently have to project on hold because if this detail. (And its costing us extra business because they are not buying the hardware that comes with it 😅) I hope someone else is having more luck! In the meantime I'm escalating this via other companies in our group with better MS connections but those take some time. And if you haven't noticed this issue, please be aware of it. As far as we know, only Intune has done this. Knox, Workspace one and Mobile Iron are not showing this message. Samsung has replied that this is absolutly not right in their opinion. Its a big risk for companies.
Need explaination of following feature implementation for AER -3.19. Application track management
I have implemented the following feature and I can set application track from my emm console but not understand what to show for validation or how it will further works after set app track info. Thanks in advance.Support for a Single VPN Instance Shared Across All Users on a Corporate-Owned Device
Hello everyone, I am exploring how to reduce resource usage on corporate-owned Android devices that are configured with multiple users or profiles. Currently, Android's VPN framework is per-user: Each user (or work profile) maintains its own VPN state. An Always-On VPN can only be configured within the context of the current user or profile. This means that if a device has several users, each user needs to run a separate VPN instance. This design results in unnecessary duplication: Multiple VPN processes or tunnels are active on the same device. System resources (CPU, battery, memory) are consumed redundantly. The VPN app itself must be installed and configured multiple times. My request/idea: Enable a single VPN instance at the device level (not just per-user), so that one VPN tunnel can secure network traffic across all users and profiles. This would: Greatly reduce resource waste. Simplify deployment and management for IT admins. Prevent the need for each user or profile to maintain its own VPN connection. Questions for the community and Google team: Is there any existing mechanism (documented or OEM-specific) that allows a VPN to operate at the device scope rather than user scope? Are there any roadmap plans to support device-level VPN in Android Enterprise? If not currently supported, could this be considered as a feature request for future Android versions? This would be particularly valuable for dedicated devices and shared device scenarios where multiple users must access corporate resources, but IT only wants to maintain one VPN tunnel. Looking forward to your insights and to hear whether others face the same challenge. Thank you.
Not able to restrict personal email from logging into Work GMAIL app for BYOD enrolled devices
I wanted to restrict personal emails (with gmail account) from logging into Work GMAIL app for BYOD enrolled devices. I however want workspace accounts to be able to login. When I set modifyAccountsDisabled to true in AMAPI policy, no account can be added (including workspace account). Same problem happens when I specify com.google for accountTypesWithManagementDisabled - no account can log into GMAIL. Is there any solution to this ? Thanks in advance.
ANDROID 15: Problem with unlock code expiry in COPE mode
Hello, Our users' Samsung smartphones are enrolled in Intune in COPE mode. We have a configuration profile that requires a device unlock code with an expiration time. We haven't configured a code for the work profile, so the One Lock setting is enabled by default. In Android 15, following the expiration of the unlock code, the user is now required to change the unlock code. However, once they do so, when they launch an app in the work profile, the smartphone also asks them to change the work profile code. I don't understand why the smartphone is asking to change the work profile code when the One Lock setting is enabled. Is anyone else having the same problem? Benjamin
Unlinking Zero Touch Account from deleted Enterprise
Hi, we are currently trialing automatic device enrollment using a Zero Touch Account and baramundi Management Suite as our EMM solution. It all worked well, until I deleted the Android Enterprise account before unlinking it from our Zero Touch account. When I now try to create a new enterprise and link it to our Zero Touch account, it says that it's already linked and I can't proceed to the actual Zero Touch console within the iFrame in the EMM. Sadly I can't change the display language for the iframe. It says "Choose accounts to be linked" and the light grey part next to the checkbox says "already linked". I'm only presented the option to go back and choose another Google account. There doesn't appear to be an option on the web portal version of Zero Touch (https://enterprise.google.com/android/zero-touch/customers/) to unlink the enterprise either. When I try to delete the enterprise it warns me to unlink the Zero Touch account before proceeding and tells me that all enterprise related data will be deleted after 30 days. So my question is: Is there another way to unlink the enterprise from the Zero Touch Account or do I simply wait for 30 days and then the link is deleted automatically? Peter
