How to obtain the eSIM EID (Embedded Identification Document) from a device with DO (Device Owner) active?
Hello, We are looking to implement the functionality to provision eSIM profiles on devices with Android 15+. However, we encountered a telecom provider that requires the EID of the devices before providing us with the eSIM activation code. In this initial stage, we are simply trying to obtain the EIDs of all devices so that we can send them to the telecom provider and receive the eSIM activation code in return. To obtain the EID, we are using the following approach: `euiccManager.createForCardId(slot).eid` However, we are encountering this issue as noted here: *Must have carrier privileges on subscription to read EID for cardId=0 [java.lang.SecurityException: Must have carrier privileges on subscription to read EID for cardId=0]* The same issue occurs with `euiccManager.eid`. According to the documentation mentioned above, Android 15 introduced the possibility of managing eSIM profiles without requiring carrier privileges. However, it seems that the same should also apply to obtaining the EID. I noticed a similar situation reported here that has been unanswered since September 2024. Is there any other way to retrieve the EID, or is there any plan to include EID in the bypass for managed corporate devices (which have Device Owner active)? Looking forward to any insights on this. Thanks in advance!Factory reset protection (FRP) or enterprise factory reset protection (EFRP).
Hello, since Android 15 we have encountered a huge problem with Corporate phones (enrolled in BYOD) for which users leave the company without deleting their account. We therefore found ourselves with locked phones that we cannot return to our reseller (who asks us for a large sum to unlock them) so I come to you to find a solution or a tool available to the technical teams to clean up. We are open to any advice or help
Intune - Swapping Managed Google Play Account with Devices enrolled in Device Administrator and AOSP
Hi All, My Intune environment is connected with an old-school gmail.com account - i access the managed store page by going to https://play.google.com/work to approved apps / etc. - This was an old solution that saw little to no use. We're now looking at requiring Intune enrollment on our android devices and it'll get a ton of use once we do that. I'd like to upgrade my account to an Android Enterprise account, but it looks like to do that I'll need to disconnect the Managed Google Play account from Intune. My understanding is that I will need to un-enroll all my android devices from the tenant before doing that. For personally owned devices with work profiles, that's not a problem - we only have 3 PoC users that I can unenroll. The only other two enrollment options we use are Device Administrator (For Yealink teams phones...) and AOSP (For.. newer.. Yealink teams phones). Will disconnecting Managed Google Play affect the enrollment of Device Administrator or AOSP? Thanks!
Need understand some point of this feature - 3.6. Managed configuration management
I have implemented this following feature - 3.6. Managed configuration management. Everything understand but got stuck in point - 3.6.3. The EMM's console must allow IT admins to set wildcards (such as $username$ or %emailAddress%) so that a single configuration for an app such as Gmail can be applied to multiple users. Not understand how to implement this wildcards in one policy for different devices and also let me know for gmail it is supported or not? Thanks in advance.
Common identifier between AMAPI & Require for setup app for validation
We are enrolling devices using AMAPI by generating a QR code with an assigned policy either for work profile or fully managed enrollment. During enrollment, the device prompts for a require for setup app, which, after configuration, returns RESULT_OK, marking the setup as complete and finalizing the device enrollment. Before returning RESULT_OK, To identify the enrolling device, the backend gets the device ID and enterprise ID from the Pub/Sub provisioning notification. The device ID (which matches the GSF ID) is then sent by the require for setup app to the backend for validation. This identifier is also used to enforce enrollment limits based on the enterprise license count. The Issue: Up to Android 14, retrieving the GSF ID was possible. However, in Android 15, it now returns null. Question: Is there an alternative identifier that can be used to identify the enrolling device—one that the backend can retrieve and that the setup app can also access during enrollment? Below is the information we receive from Pub/Sub when a device is enrolled: { "name": [*Hidden for privacy reasons] "managementMode": "PROFILE_OWNER", "state": "PROVISIONING", "enrollmentTime": "2025-04-04T06:17:02.751Z", "lastPolicySyncTime": "2025-04-04T06:17:02.817Z", "softwareInfo": { "androidVersion": "15", "androidDevicePolicyVersionCode": 10323580, "androidDevicePolicyVersionName": "128.32.3 (10323580)", "androidBuildNumber": "AP3A.240905.015.A2", "deviceKernelVersion": "5.15.149-android13-8-00010-gc2e0ba41ba85-ab12040008", "bootloaderVersion": "unknown", "androidBuildTime": "2025-03-11T13:26:50Z", "securityPatchLevel": "2025-03-01", "primaryLanguageCode": "en-IN", "deviceBuildSignature": "c9009d01ebf9f5d0302bc71b2fe9aa9a47a432bba17308a3111b75d7b2143456", "systemUpdateInfo": { "updateStatus": "UP_TO_DATE" } }, "hardwareInfo": { "brand": "Redmi", "hardware": "mt6835", "deviceBasebandVersion": "MOLY.NR17.R1.TC8.PR2.SP.V1.P51,MOLY.NR17.R1.TC8.PR2.SP.V1.P51", "manufacturer": "Xiaomi", "serialNumber": [*Hidden for privacy reasons] "model": "23124RN87I", "enterpriseSpecificId": [*Hidden for privacy reasons] }, "policyName": [*Hidden for privacy reasons] "memoryInfo": { "totalRam": "5865836544", "totalInternalStorage": "806965248" }, "userName": [*Hidden for privacy reasons] "enrollmentTokenName": [*Hidden for privacy reasons] "securityPosture": { }, "ownership": "PERSONALLY_OWNED" } *Updated by Community admin - removed due to privacy reasons 4 April
GSF ID not generated after device enrollment on Android 15
Hi everyone, We’re facing an issue with devices running Android 15 — after successfully enrolling them in our Android Enterprise setup (Device Owner / Fully Managed mode), the Google Services Framework (GSF) ID is not being generated. This issue did not occur on Android 13 or 14; the GSF ID was available immediately after enrollment. However, on Android 15, the GSF ID remains empty even after waiting and rebooting. We’ve already tried: Factory reset and re-enrollment Checking Google Play Services version Ensuring the device is connected to the internet Waiting for Play Store sync Despite that, the GSF ID is still missing. Could anyone confirm if there’s a known change in Android 15 related to GSF ID generation, or if additional permissions/configuration are required for enterprise-enrolled devices to obtain it? Any guidance or workaround would be greatly appreciated.
Samsung Devices: Can't call from a personal app
Hi everyone we received some reports from our users in the last couple of month that suddently the phone app on COPE devices (Samsung A-series) starts to show "Can't call from a personal app" - Your organisation only allows you to make calls from work apps. Workaround: Reboot the device. For most of the reports this workaround has to take place once and the message is gone forever. A very small amount of devices starts to show this message again after a couple of weeks. Rebooting is resolving the issue again. Any idea of how to prevent this? Even emergency calls are not possible if this error is appearing! Does anyone else have seen this behavior? Raised a case with Samsung today. Thanks! Daniel
