EMM
156 Topics

Is there any way to disable Google Play Protect (GPP) from an EMM or to otherwise whitelist apps from scanning?
I am very concerned about the Enhanced GPP features coming soon that are currently being piloted in other regions. https://security.googleblog.com/2023/10/enhanced-google-play-protect-real-time.html This is not a welcome feature whatsoever for the fully managed space where we have business apps written internally that are being installed on business devices, owned by that business. In no way do we want Google sitting in between deciding whether a very legitimate app written internally for an organization should be installed on devices that are purchased and owned by the same organization on fully managed devices. I would like a way to disable GPP completely, or at a minimum whitelist applications from scanning, as we don't want Google interfering in the business operations. GPP is a helpful consumer protection feature, but fully managed devices should have the ability to be opted in or out of the program. Otherwise GPP can incorrectly flag a mission critical app and disable or remove it from a device, thereby bringing down a line-of-business application and an end customer's operations. While the intentions of GPP are good, by blocking business apps Google themselves is becoming the malicious actor that GPP is ironically trying to prevent.
Solved, 41K Views, 17 likes, 58 Comments

Android 15 - Cannot set default password app
We use Microsoft Intune to manage devices. For the devices which have upgraded to Android 15, the end users can no longer select Microsoft Authenticator as their default application for auto filling passwords. I cannot find any settings in Intune to allow it. All devices are fully managed corporate owned devices. The devices are all Google Pixel 8 or 8a devices. Is this a bug in 15 or am I missing something?
9.5K Views, 15 likes, 57 Comments

Play Protect Blocking Custom DPC Apps — How to Get Approval or Alternatives?
Hi everyone,

I'm a developer who helps enterprises build custom DPC (Device Policy Controller) Reference Documentation apps to manage Android devices based on their unique requirements. Recently, Play Protect has started blocking the installation of custom DPC apps, even when these apps are signed and used internally. The warning claims the app may pose a risk due to access to sensitive data - even though it's strictly for enterprise use.

To make things more difficult:
Google is no longer accepting registration of custom DPC apps with Android Enterprise, which limits official distribution and management options.
Android Management APIs don’t support all use cases, and also have a quota limit.
I’ve applied twice to join the Android Enterprise portal to build a SaaS-based device management platform, but both requests were rejected without a clear reason.

My questions for the community:
Is there any official way to get a custom DPC app approved or whitelisted by Play Protect?
Are there any alternative ways to manage Android devices at scale (outside of AMAPI or legacy EMM)?
How can new developers or startups gain access to Android Enterprise features when onboarding is currently restricted?

Any help, direction, or shared experience would be greatly appreciated.

Thanks, Kulwinder
Solved, 826 Views, 5 likes, 16 Comments

[EMM] My Android EMM Registered account is forced to re-register Android Enterprise.
Hello all,

I have had my business account registered with Android EMM Registration for about 5 years. About a month ago, there was a problem with the API connection, with an error message 'UNAUTHENTICATED' and reason 'CREDENTIALS_MISSING', which impacts device enrollment and app push service. I have had no luck finding ways to fix it and I cannot open any support case with my free account. I decided to reconfigure Android EMM Registration with the same account. Google directed me to newly register an enterprise account, and I ended up with the same account but a different 'Client ID' and 'Google Service Account Email Address'. All my apps in the private store and previously managed apps are missing. Is there any way to bind my email account back to the Google Client ID, so I don't have to separately manage apps and devices on my EMM system?

Note: When I log in to Play Work, I can still see my previous 'Client ID' profile. However, on the EMM system, it shows my new client profile.

Regards, BKP
6.8K Views, 3 likes, 6 Comments

(COPE) Hide app in work profile
Hello,

I have a small case I'd like to submit to the community for help, please. A customer uses Mobile Iron, and uses Zero Touch to enroll our Android 14 products. In their DPC extras, they enabled the system apps and need to keep it that way:

    "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true,
    "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
        "workProfileEnabled": true,
        "quickStart":"true"
    }

Now, after the device is enrolled, the Work profile is filled with a bunch of apps including unwanted ones like Netflix, Adobe, YT kids, ... From Mobile Iron, they want to hide/disable some apps using "setApplicationHidden", but it doesn't work. At the OEM side, we tested this API with the Test DPC and it works properly. My thinking was that as we are in COPE, and the apps that the customer wants to remove are from the Personal space, then this is not working as the MDM cannot interact with Personal space content. Does this make sense? Is there a way to hide the unwanted apps from the Work profile, despite having "leave all system apps" enabled from the ZT DPC extras? Does anyone have any suggestions, please?

Thanks!
486 Views, 3 likes, 13 Comments

Google Advertising-ID (AD-ID)
Hi, I'm looking for an option to disable/clear the Advertising-ID (AD-ID) on a fully managed device. I found the KB https://support.google.com/googleplay/android-developer/answer/6048248?hl=en Is there any option to remove or clear the AD-ID from the EMM/MDM side without a user action? And is there any more detailed information on how AD-ID is working on a managed device?

Appreciate your feedback,
Bjoern
913 Views, 2 likes, 5 Comments

Intune not adding PROVISIONING EXTRAS - Zero-Touch
Hi,

I have an issue when linking Intune to Zero-touch. When connecting the two, it does not add any "PROVISIONING EXTRAS". I can create it manually, with the EMM DPC and DPC extras. When I assign it manually it works, but when it's set to "Enterprise Default Profile" it will look at the DPC extras from Intune (that is empty) and then just ask for a QR or code to the profile. The Intune profile that is selected as default is a "Corporate-owned, fully managed user device" profile in ZT.

I have been in contact with Microsoft regarding this for 3 months, and they cannot help me; the only thing they can say is "The profile may be corrupt" and we need to create a new one. We have 250 devices added to ZT by this point.

I have tried unlinking, and linking after waiting 24 hours, and so on. But nothing has worked. I was hoping that someone in here can help me with this 🙃
4.2K Views, 2 likes, 13 Comments

Fido2 key and their issues using them on Android
First, does Android support using Fido2 keys on Android?
Yes, it does support both using Bluetooth, NFC and USB authentication. For reference: https://developers.google.com/identity/fido/android/native-apps

But does it mean that it is straightforward to use it in an enterprise environment without hiccups?
No, the support lacks many features that both Windows and iOS have supported for a long time.

If I buy a modern Fido2 key with OTP support, will it work straight out of the box for using the USB?
No, you need to disable the OTP support first. Here is how you can do that from Yubikey Manager; this works for Yubikey. Other vendors might have something similar. But for Fido2 keys without OTP support, it should work out of the box for USB-C, like Google Titan. Why this happens, I don't know.

Can we use NFC for Entra ID authentication like we can on Windows and iOS?
No. Android does not currently support CTAP2 for NFC, only for USB-C input. CTAP1 (FIDO U2F) supports certificate based authentication, but CTAP supports user verification with PIN and biometrics. Entra ID requires UV (user verification) before accepting login. As far as I know, there is also support for Bluetooth. But I don't have any Fido2 keys that support Bluetooth yet.

So why does this matter?
With Android you can have shared devices with secure login for multiple users with a single log in for all supported apps, auto log off and many other possibilities. https://learn.microsoft.com/en-us/entra/identity-platform/msal-shared-devices

Other sources/discussions:
https://www.reddit.com/r/yubikey/comments/1oncuh2/whats_the_point_of_nfc_on_android/
https://www.reddit.com/r/yubikey/comments/13tlzoc/fido2_inconsistent_across_windowsandroid/
https://fidoalliance.org/specifications/
143 Views, 2 likes, 9 Comments

Need understand some point of this feature - 3.6. Managed configuration management
I have implemented the following feature - 3.6. Managed configuration management. I understand everything but got stuck on point 3.6.3: "The EMM's console must allow IT admins to set wildcards (such as $username$ or %emailAddress%) so that a single configuration for an app such as Gmail can be applied to multiple users." I do not understand how to implement these wildcards in one policy for different devices; also, let me know whether it is supported for Gmail or not.

Thanks in advance.
65 Views, 2 likes, 2 Comments