Recent discussions
Custom app installation with AMAPI
Thanks to the keen eye of jasonbayton for spotting this update in the documentation: https://developers.google.com/android/management/manage-custom-apps The lack of this feature has been a key reason I've avoided any AMAPI based EMM (looking at you Intune!) for fully managed device deployments. This is certainly a welcome enhancement to AMAPI and one that I'm honestly surprised Google delivered on. I think I can finally see the writing on the wall that Custom DPC will eventually now die given that AMAPI is finally catching up. I still need file system push and pull for it to truly be a replacement but this is a major step in the right direction. What are the community thoughts on the matter?
Android Developer Verification Requirements in AE
taking a page from jasonbayton's LinkedIn post I wanted to post and discuss the announcement from Google yesterday and their upcoming Android developer verification requirements. This is something that fully managed devices with customer supplied applications will run into, and it will cause issues on devices A while ago Google stated that they wouldn't scan customer-sideloaded applications with GPP if they were fully managed. See here: https://www.androidenterprise.community/discussions/conversations/is-there-any-way-to-disable-google-play-protect-gpp-from-an-emm-or-to-otherwise-/2507 Would this requirement fall under the same umbrella?Need explaination of following feature implementation for AER -3.19. Application track management
I have implemented the following feature and I can set application track from my emm console but not understand what to show for validation or how it will further works after set app track info. Thanks in advance.
Support for a Single VPN Instance Shared Across All Users on a Corporate-Owned Device
Hello everyone, I am exploring how to reduce resource usage on corporate-owned Android devices that are configured with multiple users or profiles. Currently, Android's VPN framework is per-user: Each user (or work profile) maintains its own VPN state. An Always-On VPN can only be configured within the context of the current user or profile. This means that if a device has several users, each user needs to run a separate VPN instance. This design results in unnecessary duplication: Multiple VPN processes or tunnels are active on the same device. System resources (CPU, battery, memory) are consumed redundantly. The VPN app itself must be installed and configured multiple times. My request/idea: Enable a single VPN instance at the device level (not just per-user), so that one VPN tunnel can secure network traffic across all users and profiles. This would: Greatly reduce resource waste. Simplify deployment and management for IT admins. Prevent the need for each user or profile to maintain its own VPN connection. Questions for the community and Google team: Is there any existing mechanism (documented or OEM-specific) that allows a VPN to operate at the device scope rather than user scope? Are there any roadmap plans to support device-level VPN in Android Enterprise? If not currently supported, could this be considered as a feature request for future Android versions? This would be particularly valuable for dedicated devices and shared device scenarios where multiple users must access corporate resources, but IT only wants to maintain one VPN tunnel. Looking forward to your insights and to hear whether others face the same challenge. Thank you.
Workprofile creation failure using CUSTOM DPC
We use a custom DPC to create work profiles. On certain devices, profile creation fails with errors like STORAGE_UNAVAILABLE or work profile already exists. From bug reports, we can confirm the failure cause, but is there a way to detect these conditions directly in our app and handle them gracefully?”
Not able to restrict personal email from logging into Work GMAIL app for BYOD enrolled devices
I wanted to restrict personal emails (with gmail account) from logging into Work GMAIL app for BYOD enrolled devices. I however want workspace accounts to be able to login. When I set modifyAccountsDisabled to true in AMAPI policy, no account can be added (including workspace account). Same problem happens when I specify com.google for accountTypesWithManagementDisabled - no account can log into GMAIL. Is there any solution to this ? Thanks in advance.Disable random mac address during EMM enrollment
My company is trying to provision tablets via headwind MDM. We have no problem on some of our networks, but the location they are being provisioned at at-scale have a strict no-random-mac address rule on their network. Thus far I have been unable to figure out how to create a QR code that will disable random mac address on the SSID of the network the device connects to when enrolling in our MDM. Is there a field I am missing? Surely there must be a way to overcome this.
ANDROID 15: Problem with unlock code expiry in COPE mode
Hello, Our users' Samsung smartphones are enrolled in Intune in COPE mode. We have a configuration profile that requires a device unlock code with an expiration time. We haven't configured a code for the work profile, so the One Lock setting is enabled by default. In Android 15, following the expiration of the unlock code, the user is now required to change the unlock code. However, once they do so, when they launch an app in the work profile, the smartphone also asks them to change the work profile code. I don't understand why the smartphone is asking to change the work profile code when the One Lock setting is enabled. Is anyone else having the same problem? BenjaminWhat security threats do you experience the most?
Hey everyone, Stop what you’re doing - episode 2 of The Secure Element is out now! Tune in as Bigdogburr and Theresa Lanowitz, Chief Cybersecurity Evangelist at LevelBlue, dive into achieving cyber resilience in an era of boundaryless computing. Their discussion truly reinforced for me just how vital a holistic approach to securing all end-user computing is - from laptops to mobiles, and everything in between - especially with cyberattacks becoming so sophisticated. The role AI plays in crafting these increasingly targeted attacks was a real eye-opener! This episode got me thinking about the real-world threats we’re all facing. What are the kinds of cyber threats you are most confronted with? Cast your vote in the comment section below: Phishing / Quishing/ Smishing (Email, SMS, or QR code tricks) Deepfakes (Convincing fake video/ voice calls) Malicious apps (Apps designed to steal data/ compromise devices) Network attacks (Rogue or Spoofed Wi-Fi, man in the middle, etc.) Other (please share more details in the comments!) And share some wisdom! Do you have some tips on how to identify a cyber attack? If you’ve been targeted, what’s one key lesson learned that you think everyone should hear? Looking forward to reading your stories. Chat soon, Emilie
Seeing spike in HARDWARE_BACKED_EVALUATION_FAILED for Android 16 devices.
We are seeing a spike in HARDWARE_BACKED_EVALUATION_FAILED in https://developers.google.com/android/management/reference/rest/v1/enterprises.devices#securityrisk field in AMA Device response. We are seeing this mostly in the Android 16 customers and for some users it went away without any change on their side. So it does not seem anything wrong with the devices and seems random. Anyone else facing this with AMA or play integrity?
