Android device management - Unable to enroll: DEVICE_MODE_QUARANTINED
Hello everyone, New to Google device management and hoping someone is able to help me out. I had tried to enroll various Android devices in COPE, Work Managed and Work Profile (BYOD) modes but each of them are failing at the "Registering profile" screen. It look like the Work Profile has been created, but does not appear to be functional and devices are not appearing in the Google admin console. Pertinent (I think) are of the logcat logs are showing: 10-09 18:06:39.752 22672 28291 I clouddpc: [PolicyLogHelper.java:logPolicies:103] Device mode: quarantined 10-09 18:06:39.752 22672 28291 I clouddpc: [PolicyLogHelper.java:logPolicies:105] Got policy. Size: 0 10-09 18:06:39.752 22672 28291 I clouddpc: [OverrideLayer.java:loadFromFile:98] No override for compliance_rules 10-09 18:06:39.752 22672 28291 I clouddpc: [EventLogManagerImpl.kt:logMessage:1641] Event logged: PolicyPulled details: [id=default, version=0, mode=DEVICE_MODE_QUARANTINED] metadata: [isNetworkConnected=true] 10-09 18:06:39.753 22672 28291 I clouddpc: [EventLogManagerImpl.kt:logMessage:1641] Event logged: PolicyPulled details: [currentPolicy=PolicyIdentifiers(policyName=default, policyVersion=0), flowId=f02e170ef5ae087b3d825321c3dbee57bb0cd4aa3b1bba061dd934da8cb7937b] metadata: [isNetworkConnected=true] 10-09 18:06:39.754 22672 28291 I clouddpc: [RestoreUtilImpl.kt:getRestoreIntent:66] Getting restore intent 10-09 18:06:39.756 22672 28291 E clouddpc: [PolicyUpdaterImpl.java:retryPullApplyAndExecuteCompliance:478] Policy update mitigation failed, 1 tries done, 0 tries left 10-09 18:06:39.756 22672 28291 E clouddpc: dbc: Device mode: DEVICE_MODE_QUARANTINED Looks like my devices are being quarantined? Not sure what this means... Is there some kind of allow-list that I need to populate? Appreciate any help you can offer!
Microsoft Company Portal App
Hi all, Seems that latest Company Portal version from Microsoft is having some issue. Problem description: Installation from Play Store is working but launching Company Portal app, it just freezes with logo on the screen. Never does anything, just freezing. We have case opened to Microsoft. Keep you all posted. Version 5.0.6170.0 Published 28.2.2024 Please test if you have BYOD method setup for your company. -jarmo
Enhancing Android Enterprise OS Update Management
Hi, The way the Android API implements OS update management on Android Enterprise devices is not particularly useful for devices with user affinity. Are there any upcoming API changes for EMM solutions like Microsoft Intune? From my experience with the current API: AUTOMATIC – The OS update is installed as soon as it becomes available via OTA, which is not practical for real-time scenarios. WINDOWED – Similar to AUTOMATIC but with the limitation that OS updates can only be installed within a defined maintenance window. This means that if a user needs to update their device due to a software bug fixed in the latest OS version, they may not be able to do so immediately if the maintenance window is set outside working hours. Source: https://support.google.com/work/android/answer/13791272?hl=en#zippy=%2Cmanaging-system-updates-using-system-update-policies Suggested Improvements: Provide an option to control OS updates on BYOD (Work Profile only). I understand that when enrolling a device through Work Profile, only the work container can be managed via EMM. Google may need to reconsider this approach. It would be beneficial to have an approach similar to Apple’s, where EMM admins can manage OS updates (e.g., push specific updates, set deadlines, etc.) through DDM (Declarative Device Management - Source: https://support.apple.com/en-gb/guide/deployment/depc30268577/web ), even on BYOD devices (Device Enrollment) — without requiring supervision like DO (Device Owner mode). I’m aware that Samsung Knox E-FOTA exists, but it is limited to Samsung devices. Expanding this capability to all Android devices (like Google Pixel devices) would greatly improve update management in enterprise environments. BR, MarcoBYOD AE Work Profile - Samsung Device with Android 12, 13 - Sharing Serial no/IMEI details with Intune MDM
We are observing, Intune started displaying the Serial no's /IMEI's of Samsung Android 12, 13 device and device type is BYOD -> Work Profile. did you see this in your environment? Model affected are SM-A,G,S,G,M SERIES.
Work contacts not recognized when ringing - works fine otherwise
Hello, I am having an issue with contacts from my work profile not being recognized when I have an incoming call, the notification is showing the phone number, but as soon as I pick up the contact name shows up. Calls history also displays the contact name. I am using my personal phone (aosp android 13) as a work phone, with two sim cards and a work profile linked to an enterprise google account. Both profile have Google contacts and dialer apps installed, with the "Identify callers numbers" option turned on. Gave all the permissions I could to both apps, but this hasn't fixed it. Any suggestion ?The Security patch level data missing - MS Intune
Hi everyone, We are using MS Intune to manage our Android devices. The Security patch level data on our Android BYOD enrolled devices seems to be blank on all devices as they do a new sync via Company portal app. It seems like this has all happened in the last few days. Any other MS Intune customers seen this behavior last days? This is very critical to our device compliance. Currently we have a little over 3000 devices enrolled in BYOD mode, and patch info is now missing for about 2/3 of them. On some of our devices where we still saw the info, we did a check device settings in the company portal, and then the info went away. This was with Company Portal version 5.0.5981.0. First guess was that some change to company portal app was causing this issue. There are a lot of devices with recent contact time that still show patch info now, but not sure what CP version is on them. thanks Jarmo
Android Enterprise BYOD Wifi Profile - disable auto-connect not working
Hi all, Been dealing with this issue for Android devices. We're implementing EAP-TLS for an enterprise wifi. Devices are connected to the network. But one thing that brought attention to us is how the android devices keeps on re-enabling the auto connect setting on a device level. That means, devices will auto join the network even without user's consent. We tried using the built-in template in intune but the option there for Connect automatically is not given. We pulled the diagnostics logs from company portal app and we can see that the wifi profile is actually set to <connectionMode>manual</connectionMode>. We also tried creating a custom wifi profile, uploaded the xml with <connectionMode>manual</connectionMode> but the device keeps re-enabling the auto connect setting. I'm 100% sure this is not an intune issue because the profiles are pulled down with the correct parameters to set connection mode to manual but please tell me if I'm wrong and if you guys could lead me to proper direction on how to resolve this, I'd really appreciate it.