Need explaination of following feature implementation for AER -3.19. Application track management
I have implemented the following feature and I can set application track from my emm console but not understand what to show for validation or how it will further works after set app track info. Thanks in advance.
Support for a Single VPN Instance Shared Across All Users on a Corporate-Owned Device
Hello everyone, I am exploring how to reduce resource usage on corporate-owned Android devices that are configured with multiple users or profiles. Currently, Android's VPN framework is per-user: Each user (or work profile) maintains its own VPN state. An Always-On VPN can only be configured within the context of the current user or profile. This means that if a device has several users, each user needs to run a separate VPN instance. This design results in unnecessary duplication: Multiple VPN processes or tunnels are active on the same device. System resources (CPU, battery, memory) are consumed redundantly. The VPN app itself must be installed and configured multiple times. My request/idea: Enable a single VPN instance at the device level (not just per-user), so that one VPN tunnel can secure network traffic across all users and profiles. This would: Greatly reduce resource waste. Simplify deployment and management for IT admins. Prevent the need for each user or profile to maintain its own VPN connection. Questions for the community and Google team: Is there any existing mechanism (documented or OEM-specific) that allows a VPN to operate at the device scope rather than user scope? Are there any roadmap plans to support device-level VPN in Android Enterprise? If not currently supported, could this be considered as a feature request for future Android versions? This would be particularly valuable for dedicated devices and shared device scenarios where multiple users must access corporate resources, but IT only wants to maintain one VPN tunnel. Looking forward to your insights and to hear whether others face the same challenge. Thank you.
Not able to restrict personal email from logging into Work GMAIL app for BYOD enrolled devices
I wanted to restrict personal emails (with gmail account) from logging into Work GMAIL app for BYOD enrolled devices. I however want workspace accounts to be able to login. When I set modifyAccountsDisabled to true in AMAPI policy, no account can be added (including workspace account). Same problem happens when I specify com.google for accountTypesWithManagementDisabled - no account can log into GMAIL. Is there any solution to this ? Thanks in advance.
Unlinking Zero Touch Account from deleted Enterprise
Hi, we are currently trialing automatic device enrollment using a Zero Touch Account and baramundi Management Suite as our EMM solution. It all worked well, until I deleted the Android Enterprise account before unlinking it from our Zero Touch account. When I now try to create a new enterprise and link it to our Zero Touch account, it says that it's already linked and I can't proceed to the actual Zero Touch console within the iFrame in the EMM. Sadly I can't change the display language for the iframe. It says "Choose accounts to be linked" and the light grey part next to the checkbox says "already linked". I'm only presented the option to go back and choose another Google account. There doesn't appear to be an option on the web portal version of Zero Touch (https://enterprise.google.com/android/zero-touch/customers/) to unlink the enterprise either. When I try to delete the enterprise it warns me to unlink the Zero Touch account before proceeding and tells me that all enterprise related data will be deleted after 30 days. So my question is: Is there another way to unlink the enterprise from the Zero Touch Account or do I simply wait for 30 days and then the link is deleted automatically? Peter
Organization reached its usage limits, your work profile can't be set up.
We have a fleet that is managed with Android Management API that we use for pre prod testing. We started getting `Organization reached its usage limits, your work profile can't be set up` error recently in this enterprise. It had about 800 device when i did the list devices call. I have now removed the older devices and the list device call now returns 84 devices, but I still see the above error when trying to enroll new device. Its been about 2 days since i deleted the devices. Also been about 2 days since i have filled up https://docs.google.com/forms/d/e/1FAIpQLSf4VCzblf27V6jx1_iFt7lD1WjyCDpSDzQcxunTbQdbkEGG4Q/viewform to increase the quota for registered devices. Is there any way to investigate this issue? Can I check the registered devices qouta anywhere in GCP console? Are there any other case where I can see this error? I am seeing this error for both work profile and fully managed device.Seeing spike in HARDWARE_BACKED_EVALUATION_FAILED for Android 16 devices.
We are seeing a spike in HARDWARE_BACKED_EVALUATION_FAILED in https://developers.google.com/android/management/reference/rest/v1/enterprises.devices#securityrisk field in AMA Device response. We are seeing this mostly in the Android 16 customers and for some users it went away without any change on their side. So it does not seem anything wrong with the devices and seems random. Anyone else facing this with AMA or play integrity?
Play Store number of downloads counter
Hi all, Just had a question which might seem quite easy, but couldn't find the answer. I wonder how the number of downloads accompanying an application in the Play store compares to the number of downloads not done manually by a user, but downloads based on apps pushed from an EMM. For several applications, I see relatively low numbers of downloads in the Play store. Based on these low numbers, I can practically guarantee that downloads via Managed Google Play are not included here. In itself plausible, but I have not been able to read anywhere in documentation whether or not this is correct, can anyone confirm this. At the same time if MGP downloads do not count towards the number of downloads listed in the Play Store with the app, are MGP downloads counted separately somewhere? Thank you in advance, TomDisable random mac address during EMM enrollment
My company is trying to provision tablets via headwind MDM. We have no problem on some of our networks, but the location they are being provisioned at at-scale have a strict no-random-mac address rule on their network. Thus far I have been unable to figure out how to create a QR code that will disable random mac address on the SSID of the network the device connects to when enrolling in our MDM. Is there a field I am missing? Surely there must be a way to overcome this.
Zebra HC50, HC20, TC21 - Zero-Touch enrollment isn't available. Check your internet connection and try again
We experiencing issues where we currently are unable to proceed with the enrolment of our Zebra devices to our EMM (WSOne). When we boot the Zebra Handset we get an error Can't finish setup. Zero-touch enrollment isn't avaialble. Check your internet connection and try again. We've tried from different network but getting same error. Their was another post about the same issue affecting Samsung S series devices which apparently samsung has fixed. Not sure how we get that fixed for the Zebra handsets
