Need Help with QR Enrollment for Multiple Devices in Educational Environment – Is External MDM Required?
Hi everyone, I'm managing a large number of Android tablets in an educational environment. I'm trying to enroll the devices using Android Enterprise with QR code enrollment, but I'm having trouble getting the QR method to appear. So far, only Zero-Touch shows as an option, but most of our devices were not purchased through Zero-Touch resellers, so we can't use that method. My main question is: Is it strictly necessary to use an external MDM (like Miradore, Intune, etc.) to generate the QR code, or is there a way to create and use it directly from the Google Admin console or natively through Android Enterprise? We want to deploy the tablets efficiently and avoid entering accounts manually. Ideally, each device would automatically enroll with our managed Google Play account by scanning a QR code after a factory reset. This is especially important in a school context, where we have many students and limited time for configuration. We are already registered in Google Workspace, and the tablets are in a dedicated organizational unit for students. The admin account is managed, and we are using the Android Enterprise platform linked to our domain. For reference, here are two YouTube videos showing the configuration steps I followed (which reflect our current setup): https://www.youtube.com/watch?v=jI-C_y1u8jE https://www.youtube.com/watch?v=h__pvfp559Q Any advice or clarification would be greatly appreciated. Especially if there’s a native way to enable QR enrollment without needing a full external MDM platform. Thanks in advance!Using paid apps in corporate environments
Hi all, I'm just wandering about using paid apps on work devices and wanted to know how others here are working with paid apps. Another brand I shall not name makes it possible to purchase apps via a portal and then deploy those apps to your end users. But Google / Managed Google play does not offer such a solution. It makes it difficult to deploy paid apps. While most apps offer license options outside the playstore, not all of them do. How do people on the community deploy paid apps that need to be purchased through the playstore? As said before, just wandering what solutions people use to better advise our customers in such cases. I don't get this question a lot, but every few weeks it pops up somewhere (mainly because we also provide services on the dark side hardware). I'm aware that this has been mentioned a few years ago on this community, but just seeing if this have evolved. Distributing Paid Apps | Android Enterprise Customer Community - 653 Thanks! Michel
getting ready for work setup get the issue of something went wrong your app cannot become device owner by the qr code provisison by json in android
i am facing the issue in android 14 or 15 when ever i build the unsigned build it work fine for the android 13 after that it give the error like something went wrong please contact to the it admin and i am build the singed build it give error for the checksum error cannot setup but same thing if i make my app as a device owner by adb command it work fine for me let me know how to fix this issue? i try to replace the checksum and i match both checksum both are same it getting error for me why? below is my mention qr code json, {"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.abc.abc/com.abc.abc.utils.receiver.MyDeviceAdminReceiver", "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "F-EJlegNKdVupdJupPmWz34s2INjWVUDS5ErL-DuETc=", "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://downloadapk", "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": true}
OEM Unlock toggle not available
Hi all, Recently joined the community, first time poster here. TL;DR at the bottom. Hopefully my question has a simple solution but I've looked everywhere (except here of course). I'll try to keep this as simple as possible. Everything is in UAT if that matters. The important bits: Pixel 8a Build BP1A.250505.005.B1 No SIM or eSIM Android Enterprise registered to my UAT Tenant I'm testing some scenarios for automating device compliance with Omnissa using Workspace ONE Intelligence. To test this successfully I'm going to need to flash back to an older Build and probably more than once for demo purposes. The OEM Unlock toggle is not available however, and I this is preventing me from doing my testing. I've read conflicting posts elsewhere regarding carrier unlock, SIM and/or eSIM etc. ADB is working fine but flashing older images is just not working. Any help from the community on how to get OEM unlock enabled would be greatly appreciated. TL;DR: Need to flash a pre 250505 build to my Pixel 8a. Can't toggle OEM unlock as it's greyed out.
Google services
We have a cloud customer on SoTI mobicontrol who wants to block all outbound traffic in their firewall and only allow what is strictly required. I’ve provided the customer with the official system requirements for SOTI MobiControl and Android Enterprise. However, the customer is only familiar with managing Apple devices and is looking to open the absolute minimum necessary for Android Enterprise to function — particularly avoiding wildcard domains (*) where possible. Can anyone help clarify which Android Enterprise network requirements are actually essential, especially when it comes to Google services, and which ones we can safely leave out? No file sharings, and remote control will be allowed by the customer.
Migration from Airwatch to Android Management API
One of our customers is currently onboarded to Airwatch to manage their devices, but they want to move to our Android Management API (AMA) based device management solution. Is there any support available to silently migrate these devices? Or is the only way to wipe the devices and onboard AMA. I see there is support if we own the custom DPC application. But in this case since its owned by Airwatch its out of our control.
Device Attestation: Auto-Select Client Cert + User Login on Android
Hi everyone, I’m trying to use client certificate authentication (mTLS) with Chrome Custom Tabs on Android. We want to automatically select the client certificate without prompting the user, and also ask for their username and password as part of the login process. This way, we can combine both certificate-based authentication and user credentials for device attestation. On desktop Chrome, this can be done using a policy like AutoselectCertificateForUrls, but it seems this doesn’t work on Android. If this is a known limitation, is there a way to request this feature from the Android or Chrome team?
Zero Touch Customer API Feature Request
{written in Gemini ;) who literally wrote this out perfectly} I'm requesting an enhancement to the Android Device Provisioning API (Zero Touch) to include filtering capabilities, specifically the ability to filter devices by serial number (and other relevant fields) in the initial API call. Current Situation: Currently, the API lacks direct filtering. As demonstrated in the code below, to find a device by its serial number, we must: Make a call to list all devices for a customer. Iterate through the entire list of devices in the response to find the specific device. Iterate through any following pages if not found on the first page. This is inefficient, especially for customers with a large number of provisioned devices. const listDevicesUrl = `https://androidprovisioning.googleapis.com/v1/customers/${customerId}/devices`; // ... const listResponse = await fetch(listDevicesUrl, { ... }); const listData = await listResponse.json(); let foundDevice = null; if (listData && listData.devices) { foundDevice = listData.devices.find(device => device.deviceMetadata && device.deviceMetadata.serialNumber === serialNumber); } Desired Feature: I propose adding a filter parameter to the device listing API, allowing us to directly query for devices based on specific criteria, such as serial number, manufacturer, model, and IMEI. For example, the API call could look like this: https://androidprovisioning.googleapis.com/v1/customers/{customerId}/devices?filter=serialNumber={serialNumber} This would significantly improve the efficiency of device management and reduce the amount of data that needs to be transferred and processed. Benefits: Improved Efficiency: Reduces the number of API calls and the amount of data transferred. Faster Processing: Speeds up device identification and management operations. Reduced Load: Decreases the load on Google's API servers and client applications. Simplified Development: Makes it easier for developers to integrate with the API. I believe that adding filtering capabilities to the Android Device Provisioning API would be a valuable improvement and would greatly benefit the Android Enterprise community. Thank you for considering our request.
unable to enroll the Samsung S25 ultra into Intune as BYOD.
Hi Team, We are unable to enroll the Samsung S25 Ultra devices in Intune as BYOD. We are getting the "Can't add work profile " error during the enrollment process. So far we received couple of requests for same issue and the affected users count is increasing day by day. We have reached to Microsoft team as well, they suggested to check with Samsung team.
