Android Enterprise General Discussions

I have found a variety of these questions posted both here as well as across other places on the net.It seems that the requirements to apply a bulk change to devices in ZTE are very specific. I cannot find a way to make it work. I’ve tried CSV files from Excel, Google Sheets, as well as just making it in a plain text editor.Every single time the file is rejected as an unsupported file type. I would really like some clear guidance on how to make this work consistently if at all possible.Thanks.

Hey! We recently noticed that a banner is displayed on https://play.google.com/work/apps . According to this, /work will be terminated on April 15. I am aware that the page is generally somewhat outdated and is intended for deprecated EMM APIs. (e.g. https://developers.google.com/android/work/play/emm-api/v1/products/approve ) /work has always been useful for us when it comes to getting a first impression of an app. By replacing /store with /work in the store URL, you could see immediately whether the app was available for Managed Play and offered an AppConfig.https://play.google.com/store/apps/details?id=com.google.android.apps.tachyonhttps://play.google.com/work/apps/details?id=com.google.android.apps.tachyon Will the pages be discontinued without replacement, or is there an alternative? (I mean, yes, you can see everything in the iFrame, but the hurdle for /work was very low and therefore very practical).

Hey everyone, Security is one of those topics that never stops evolving and is always relevant. We all get regular training at work and we know that scammers and spammers are getting smarter by the day. At the same time, our phones became such a big part of our lives —  which makes protecting them (and the data they hold) more important than ever.Here in the Customer Community and at Android Enterprise, you probably already know how much we value security - so much so that we have created our own security podcast (check our latest episode of The Secure Element here)! The theft protection features can bring a real peace of mind (you can read more about those here), especially the Theft Detection Lock which uses Google AI to detect if someone snatches your phone and automatically locks the screen, keeping your data safe. Now, over to you: which Android security feature feels like a real turning point for you and why? What would you like to see in the future? Is there anything you’d like

Hi there,I have a couple of Lenovo K11 wifi only models and the reseller has uploaded the serial number into our AZT account, the device has been assigned a configuration profile which is the same used for mobile phones.Problem i have is the tablets setup like a personal device and not a corporate owned, i’ve reset the tablet and had the reseller upload the serial number but still the same outcome.Intune isnt connected to our AZT account and i don’t know how else to troubleshoot this. The following “DPC extras” is what i used for the tablet setup{    "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",    "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",    "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",    "android.app.extra.PROVISIONING_ADMIN

Hello,For several weeks now, we are facing an issue in Samsung Contacts app about searching contacts in our Exchange Global Address List.This feature has worked flawlessly for many years, and now when we search for a contact in Exchange GAL, contact is found but when we try to open it Samsung Contacts app fails to open contact and shows “Contact not found”.Thank you for your help.Regards,

Hi everyone,We are a new company currently integrating Android Enterprise using the Android Management API, and we are completely blocked at the onboarding stage due to quota restrictions.As per the documentation, we understand that an initial quota of up to 500 devices requires a business justification, and we have already submitted the required request form. However, we have not received any response or acknowledgment so far.At present, our project is effectively limited to 0 devices, which is preventing us from even beginning integration, testing, or validation of our solution. This is a critical blocker for us, as we are unable to move forward without basic provisioning access.We would appreciate urgent clarification on:Expected turnaround time for initial quota requests Whether there is any way to enable minimal access for development/testing while the request is under review The correct escalation path for such casesThis delay is directly impacting our project timelines and deliv

Following up on the latest episode of The Secure Element with Harsh Lal (Senior Software Engineer, Android Authentication @ Google), we’ve been digging into what passkeys actually mean for businesses — and whether they will be replacing passwords in the near future.Passkeys could be seen as the next step of passwords as they can solve several issues that we’ve all experienced with ‘traditional’ passwords like memorising (or reusing) complex credentials, phishing, storage and security issues. Passkeys also allow us to login using biometrics and bring some interesting implications for B2B and enterprise environments: Cross-device access via password managers Compatibility with enterprise systems Support for hardware tokens (e.g. FIDO keys, YubiKeys) The possibility to revoke access instantly as neededThis sounds like a win-win situation, with both better security and better user experience so could passkeys be the end of passwords? With that comes an important question: how will you get

Hello everyone,We are currently facing an issue where Google Play Protect is blocking our Android application during device provisioning.Context: - It is not distributed via Google Play (but is already published); it is hosted externally and installed during provisioning via QR code.- The app is properly signed, and provisioning works at the system level, but Play Protect blocks the app with the message “App blocked to protect your device.”- This started happening recently on new devices / factory reset devices. We have already submitted the official Play Protect appeal form as recommended in the documentation:The form was completed with all required information (APK, package name, signing certificate, use case, etc.).At this point, we are looking for guidance from the community: - How long does it usually take for the Play Protect appeal form to receive a response or decision?- Is there any additional step or channel recommended for Android Enterprise DPC apps in this s

Dear Android Enterprise Support Team, I am experiencing an issue while attempting to enroll my HONOR Magic V5 device into Microsoft Intune for device management. I just bought the device one week ago, but when I try to add a work profile, I receive the following error message:"Can't add work profile. A work profile can't be added to this HONOR Magic V5. If you have questions, contact your IT admin."This issue is preventing me from completing the enrollment process required by my organization. I have already consulted with my company’s global IT support team, and they confirmed that there is no alternative solution on our side. The only way to resolve this issue is for HONOR to make the HONOR Magic V5 compatible with the Microsoft Intune application and Android Enterprise work profile enrollment.Device Details:Model: HONOR Magic V5OS Version: Magic OS 9.0.1Android version: 15Model: MBH-N49Error Screenshot: attached as below  Could you please advise if this device supports

I downloaded the work profil but not showing on the screen on HONOR Magic V5 anyone can help    

We’re having an issue with Android Enterprise.We have registered Android Enterprise via and MDM Solution.Now when we detached our Android Enterprise on the MDM solution and enrolled on a new MDM Solution, we can no longer claim the domain and we cant even log in to Android Enterprise either.

Hi,We are experiencing an issue. We have delete our organisation from a user account linked to Sophos Central MDM. This organisation is still bound to multiple end user devices which cannot access the Google Play Store and we cannot enroll any new devices. We have the organisation ID and the user account, we are looking for a way to restore the organisation to the account. Do anyone know if it is possible to reverse what we have done and restore an organisation ID to the account?Regards, MattMc

Hello all, We're facing an issue with our Intune/Managed Google Play connector. Google has deleted the account set up specifically to connect to our Managed Google Play instance in Intune. This has been an active link, with the last new device registered about 2 weeks ago and apps on devices being updated since then. We are currently unable to enroll new devices or add new apps. We are also unable to attempt to recover the account and have not been able to find a way to contact Google directly about the account issue. Barring being able to recover the account, are there ways for us to lessen the impact of creating a new account for the linkage? Or are we going to have to have all our Android BYOD users re-enroll their devices?

Hi All, just wondering if Android Auto will work for fully-managed (COBO) Samsung devices enrolled into Intune, or COPE for that matter?  Is there anything official from Google on this?  Does anyone have any advice on getting it to work or any gotchas along the way?

Working on a large-scale deployment of Android-based devices with key requirements:• Android 14-  Google Play Store support- Compatibility with enterprise MDM platforms- Long-term lifecycle support (5 years OS patches and version upgrades) Specifically looking for guidance on the below:Is GMS certification mandatory for devices that include Google Play Store in such deployments? Is Android Enterprise essential for stable MDM integration?  For kiosk / signage use cases, is EDLA certification recommended or required? Any known challenges with 5 years OS patches and version upgrades?

One of our customers has replaced 150 devices currently in zero-touch with 150 new devices. The 150 older devices need to be removed. Is there a way to select and remove them all at once from the zero-touch portal?

Hello,I wanted to know if it is possible to access the applications installed via the Play Store through an MDM without going through the MDM.I found this link:https://play.google.com/work/licenses/appsBut it only shows which applications have been approved to be added to the MDM, and not the number of applications installed on the device fleet.Thank you for your help.Best regards,Titouan 

Our enterprise account’s primary contact has left the company, and his email is no longer valid. We are unable to update this information ourselves. We need to regain access to our company account to complete Zero Touch Enrollment for a batch of pending mobile devices.Is there a way to change the primary contact to this account? Any guidance or support would be greatly appreciated. Thank you so much!

Basic set up: Managed Google Play + Intune Devices all set up as "Corporate-owned, fully managed user devices" Policies are set to allow all apps from store and to allow other accounts to be installed on devices. GSuite individual Google accounts with corporate email addresses signed in to all devices to allow for things like Photos backup.  Problem: When migrating a user to a new device, some apps cannot be installed. When a user is signed into Google Play with their Google Account, any app that is already linked to their Google Account from their previous device (for example: WhatsApp, Samsung Notes, Translate), cannot be installed with the error "Your administrator has not given you access to this item". If I sign the user out from their Google account, install the app and then sign them in again, it all works fine, but this should not be necessary. It seems like the problem is stemming from the Play Store not liking the fact that th

Hi everyone,I’m encountering a persistent issue where users on MDM-managed devices (specifically Samsung devices using Knox) are unable to complete the Two-Step Verification (2FA) setup in WhatsApp.Whenever they attempt to set a PIN, they receive the following error:"Not possible to perform two-step authentication at the moment. Please try again in a few hours."After analyzing the system logs, I found strong evidence that the management policies are interrupting the authentication activities. Here are the key findings from the logs: Forced Activity Termination: The system triggers a finishIfPossible command on the 2FA activities (TwoFactorAuthActivity and SettingsTwoFactorAuthActivity) immediately after they are collected in a transition. MDM Policy Interference: The logs show ApplicationPolicy (part of the Knox management layer) checking the state of the WhatsApp package precisely during these transitions.   Input Channel Disposal: There are multiple W/InputManager-JNI warnings in

Hi all, I’m currently working on a project involving the CIS level 1 and 2 benchmarks (https://www.cisecurity.org/benchmark/google_android ). The goal is to configure this in an EMM (not choosen yet). Most of the rules listed in that PDF can be matched with an API (its hard work, wish Android had done this as they did for STIG 😂), but there is one that I can’t trace back to an API.In the Managed Google Play store there is a setting called Improve harmful app detection which they recommend to set to enabled. But I don’t want a user to be able to toggle this on or off, I need it to be forced on.  Does someone now if its even possible to configure the following via an EMM? 

IT administrators can set different policy responses based on the device's Security Risk value, including blocking configuration, clearing company data, and allowing continued registration. The EMM service will enforce this policy response based on the results of each integrity check, and the default option does not allow registration to continue. I don't know how to implement the above requirement. My EMM uses AMAPI, and I couldn't find the corresponding fields that can be implemented in the policy

my company is a ZT reseller in France , but does not appear in the French country list . how can i correct this ? 

Hi, As an organisation we are pretty new to ZT. We had good success when testing two devices. We enroll them through ZT and manage through Intune. This worked on our test device (Lenovo Tab K11). I set up a Token separate from the default created on the ZT -> Intune Link. We recently bought 120 Lenovo K11 tablets to set up using the same profile, however we used a new reseller. They added these to our portal.  I assigned the token this morning. Then, when I connected the devices to the internet. No profile was present, it continued with the non Dedicated device set up. I did see a message about potentially waiting 48 hours for the profile to apply. Is this accurate? I waited at least 4 hours and no success.  Do you have any advice or steps to trouble shoot? We have checked the DPC extras Token is correct and used alternate networks to avoid issues with filtering/firewall. We have run SW upgrades on the tablets and Factory reset and re tried. I trie

Hello, We are a large corporate and mostly use Samsung phones as Android devices. Enrolment is being done via ZT portal to a default profile which is Corporate Owned Work Profile provided via Microsoft Intune. We are noticing an increased amount of cases where users set up their phones (no QR code, no text token) with default configuration added using DPC extras and within first few hours they would reset to a factory default state without any notice. This has become a real issue as it is affecting more and more people. Devices enrolled without ZT do not suffer from this issue, even though they are using the exact same enrolment profile. I saw many posts like this here and elsewhere on the internet, but no actual solution. What is the problem here and is it being actively looked by Google?