Forum Discussion
Android 15 - Cannot set default password app
We use Microsoft Intune to manage devices. For the devices which have upgraded to Android 15, the end users can no longer select Microsoft Authenticator as their default application for auto filling passwords. I cannot find any settings in Intune to allow it. All devices are fully managed corporate owned devices. The devices are all Google Pixel 8 or 8a devices.
Is this a bug in 15 or am I missing something?
Update - This started working today FOR MICROSOFT AUTHENTICATOR ONLY. Still no go for Dashlane or any other service. Since we use Authenticator, this was very good new for us.
This still does not work with Google's own MDM and Google's own password manager.
are there any updates? having the same issue here
This still only works with Microsoft Authenticator for me. Neither Dashlane nor Google's own Password Manager work. Given the fact that the Beta for Android 16 is out, I am wondering if they are going to just fix it in 16.
If it works for MS Authenticator, it's on the app level, I suppose. Maybe they are fixing it in Google Play Services or in Google app?
Hello tngvmd, Kiendeleo, geekhelp_grant, psiniemi, HalvorsonD, ct-nremez, tmeyers, nzbiship, thomask
Thanks again for continuing to investigate this. I've been exploring this too and would recommend to contact your specific EMM/MDM, as this appears to be working slightly differently from one partner to another.
I know this isn't the most useful answer here, and I will continue to follow-up on this. Please do continue to discuss what you are experiencing, I will continue to feed it back to our team.
Thanks so much,
Lizzie
This is a particularly useless response, as my MDM provider is Google Workspace. A Google Product Provided by Google. Google Workspace support already has a ticket open that says it is an Android issue, which is another Google product.
We use Google Workspace and Google Pixel phones. I AM the owner/admin of our Google Workspace. Is there a setting we need to change in the Admin Console? This broke when I simply upgraded our phones to Android 15.
Google Workspace would need to implement the APIs released for 15 as it's a default-disable. Lizzie could probe for answers internally but if you have an active support agreement with them you'll encourage a better response by reaching out as it increases demand generation for their product folks.
would recommend to contact your specific EMM/MDM
Sure... 🙄
Hey Google. Your Google Workspace MDM is broken with Android 15 on Pixel 7 Pro.
As mentioned by others, this was working perfectly fine in Android 14, but the update to 15 broke it.
So I've received a note that Google Workspace has an internal feature request (381410766) to create a policy setting for the credentialProviderPolicy field. This field was optional in A14 but became mandatory in A15. Apparently, this policy change has caught Workspace completely flat footed, as the timeline for the feature request was said to be "...a few months" from now (even though I raised it when A15 was released). Apparently, we'll all be on A16 by the time Google Workspace realizes that there's been a security change in the Android requirements.
The answer that I was given by Google was to turn off passkey usage and simply use 2SV. I assume that Google also recommends us using simple, memorable passwords since we can't use the high-entropy passwords that password managers allow us to use. I'm going to use "hunter2" since I seem to remember it really easily.
I do have a suggestion for the developers: there's this really cool new AI coding tool called "Gemini" by a company, I can't remember who it is but I'm sure they have the highest security standards. Maybe ask it, something like: "Provide me with the necessary code to enable changing the credentialProviderPolicy under the Android Management API". A few questions later, and you'll probably have everything you need.
Hello everyone,
Thanks again for your continued feedback on the change to the authenticator experience and how it's been rolled out. I am relaying your frustrations and broader experiences back internally.
I'm working to get a more detailed explanation of the change for you. Hopefully this context would be helpful.
In the meantime, let's continue the conversation on this - I will continue to ensure they are heard internally.
Thank you,
Lizzie
Hi Lizzie , any updates you can share? Anxiously awaiting this fix!
Hello everyone,
tngvmd, bholmquist11, thomask, Kiendeleo, ofer_shnitzer, tmeyers, geekhelp_grant, RobCordon, ct-nremez, nzbiship, psiniemi, HalvorsonD
Thank you once again for your feedback here. As mentioned above, I wanted to provide you with a bit more context on this change.
A credential manager is a great way to manage passwords, and I can see from the comments here how important this is to many of you here, but from a work perspective we’ve heard concern from customers that end-users could save work-related passwords in non-approved credential managers - which could add additional risk.
Based on this, the ability to control credential managers for work was introduced in Android 14, and a corresponding AMAPI EMM policy was released.
As mentioned by several of you, this now means an EMM or IT admin needs to specifically select an allowlist for credential manager. If an approved credential manager is not set, employees will be blocked from using a credential manager in Work Profile and Fully Managed devices.
Our partner team has been working with EMMs to help support them in enabling IT Admins to configure the settings required for this policy.
We know that many EMMs have made, and continue to make, updates around this policy, hence I would still recommend it is best to contact your specific EMM to find out the latest information.
For those of you who are using GEM (Google Endpoint Manager), I understand your frustration here - the team is actively working on building support for allowlisting Google Password Manager for users’ credentials. I have been following this closely and can see that they are making progress and I hope to update when I have more news on this.
Please continue to share information on this here in the community, your feedback is really helpful and I hope this will be running a lot smoother for you all shortly.
Thanks so much,
Lizzie
the team is actively working on building support for allowlisting Google Password Manager for users’ credentials.
Am I understanding this right in reading that the intention is to only allow Google Password Manager if we're using Google Endpoint Manager? As in, we will not have the ability to whitelist e.g. Bitwarden outside of enterprise/EMM setups?
Hey tmeyers,
Thanks for your reply.
Not necessarily. Really at the moment, our partner team in general is helping to support GEM and other EMMs, where possible, to enable the settings required for this policy. I don't currently have more of an update on the specifics.
I have seen some EMM enable only one or two to start with, so there is potential for this to be the case, at the beginning.
I would continue to provide your feedback directly to GEM on your desired outcome here and other EMMs if anyone reading this isn't with GEM.
Out of interest your example here 'Bitwarden outside of enterprise/EMM setups' is this for a particular management mode only?
The Google password manager seems to work now with GEM. However, there appears to be no mechanism for using a full-featured password manager and approving it at an organizational level. If this is not resolved promptly, then it is a clearly anticompetitive move by Google to eliminate competition that the lawyers at the FCC will love to use as leverage to break up Google further.
How do I do this? "As mentioned by several of you, this now means an EMM or IT admin needs to specifically select an allowlist for credential manager. If an approved credential manager is not set, employees will be blocked from using a credential manager in Work Profile and Fully Managed devices."
Google Password Manager now works (Android 16). All other apps still say blocked by work policy. Is this really that hard to fix?
