Enable ADB debugging is grayed out - This setting is managed by your administrator
This issue was documented in 2021 but with no solution. My Chromebook is managed by my company and I am the manager. But Google tries to find the managed option to unlock for this to work in the administration interface for more than 15 days without success. By the way there are thousands of options in the admin interface it could be a clever feature to number them. If you are in front of the same issue please add your comments to this post. I hope that Google support will succeed to solve the issue soon because I developed my first app for Android on my Chromebook with Android Studio and I was able to download it to my phone before these 15 days.
AMAPI prepareEnvironment() randomly throws SecurityException right after enrollment — persists until device reboot
Hello everyone, I am implementing a custom Device Policy Controller (DPC) (device owner mode) and integrating the Android Management API (AMAPI) locally on the device using: EnvironmentClient.prepareEnvironment() AccountSetupClient.startAccountSetup() Both calls happen directly after device enrollment, inside a flow that starts within minutes after provisioning. Most of the time, everything works perfectly. However, randomly, prepareEnvironment() fails immediately after enrollment with: java.lang.SecurityException: Permission denied to call Android Device Policy app. And once this error happens, all subsequent calls to AMAPI continue to fail with the same exception — until the device is rebooted. After reboot, AMAPI works normally again. Sometimes onboarding works the first time, sometimes not, with no changes in our code or provisioning steps. We consistently see repeated Google Play Services / Dynamite module errors whenever the failure occurs: Invalid module.yaml info for apk: split_GoogleCertificates_installtime.apk DynamiteModule: Failed to load remote module: Failed to get module context GoogleCertificates: Failed to get Google certificates from remote DynamiteModule: LoadingException: Remote load failed. No local fallback found. Followed by AMAPI denying our DPC: Permission denied to call Android Device Policy app. java.lang.SecurityException: Permission denied to call Android Device Policy app. This state persists indefinitely until the next device reboot. I test on my Samsung Galaxy Tab A8 (SM-X200) We rely on AMAPI to complete Managed Google Play provisioning right after enrollment, and this intermittent failure is blocking many devices until they are rebooted. Any insights, known issues, or best practices from Google engineers or EMM partners would be extremely helpful. Thank you!
Fido2 key and their issues using them on Android
First, do Android support using Fido2 keys on Android? Yes, it does support both using bluetooth, NFC and USB authentication. For reference: https://developers.google.com/identity/fido/android/native-apps But does it mean that it is straight forward to use it in a enterprise environment without hiccups? No, the support lacks many features that both Windows and iOS has supported for long time. If I buy a modern Fido2 with OTP support, will it work straight out of the box for using the USB? No, you need to disable the OTP support first. Here is how you can do that from yubikey manager, this works for Yubikey. Other vendors might have something similar. But for Fido2 keys without OTP support, it should work out of the box for USB-C, like Google titan. Why this happens, dont know. Can we use NFC for Entra ID authentication like we can on Windows and iOS? No. Android does not currently support CTAP2 for NFC, only for USB-C input. CTAP1 (FIDO U2F) supports certificate based authentication, but CTAP supports user verification with PIN and biometrics. Entra ID requires UV (user verification) before accepting login. As far as I know, there is also support for bluetooth. But I dont have any fido2 keys that support bluetooth yet. So why does this matter? With Android you can have shared devices with secure login for multiple users with a single log in for all supported apps, auto log off and many other possibilities. https://learn.microsoft.com/en-us/entra/identity-platform/msal-shared-devices Other sources/discussions: https://www.reddit.com/r/yubikey/comments/1oncuh2/whats_the_point_of_nfc_on_android/ https://www.reddit.com/r/yubikey/comments/13tlzoc/fido2_inconsistent_across_windowsandroid/ https://fidoalliance.org/specifications/
Unable to upload bulk CSV file to ZeroTouch
Hi Team, Is there currently an issue uploading a bulk .csv file to ZeroTouch? It's giving me an error. See below. Steps below: I downloaded the sample .csv file then updated it with my data, then uploading it again to the portal as is without changing the name or file extension as seeing above, yet its giving me an error. This was working not long ago, just wondering if there is currently an issue. Thanks
Set up a new Android Enterprise domain in Intune/EMM when an old-style Google Account is still connected
Hi, I have a situation similar to this older discussion - situation as follows: My EMM is MS Intune. Managed Goole Play Store was set up in April 2024 before the new method of creating Android Enterprise admin accounts on a managed Google domain - using a normal Gmail account This Gmail/Google account was forcibly deleted in the last month, presumably for inactivity, as the first linked discussion describes. Only the final termination email was ever sent to the recovery email, no other warnings were received. Recovery was not possible (it just said that no recovery methods were set up, even though there was a recovery email - hence the warnings...!) and now the account shows as nonexistent rather than potentially recoverable, although it's less than the quoted 30 days that recovery is available. I have seen (Community Manager) Lizzie's helpful posts and advice from a couple of years ago, including this article describing the potential for having support migrate the EMM bind from one account to another. However, I don't yet have another account to migrate to, since I would be moving from an old Gmail account to a new managed domain account - which I don't yet have, as I can't sign up as a 'new customer' to Android Enterprise within Intune, because the old bind still exists, and I haven't found anything to tell me how to sign up other than going through the EMM. I want to keep the old bind active so it doesn't break existing devices, even though I think that's what's stopping me signing up to Android Enterprise in the new way. Removing this existing orphaned bind will break everything, and Lizzie's info in other posts has suggested that the bind will stay mostly-working if left alone, whereas removing it will trigger retirement of all devices. MS/Intune support don't seem to be aware of the possibility of contacting Google support to migrate a bind, but even if they were, I don't yet know what to tell them (as I have no new destination account, of course). They just advise me that it will need a new account and re-enrolment of all devices, which I'm hoping to avoid. I know this is convoluted, but that's why I was hoping for help. Is there a way to get a new Android Enterprise admin account set up, using the new managed domain method, without breaking the existing bind - and then to migrate the bind across? Thanks Dev
Android 15 - Cannot set default password app
We use Microsoft Intune to manage devices. For the devices which have upgraded to Android 15, the end users can no longer select Microsoft Authenticator as their default application for auto filling passwords. I cannot find any settings in Intune to allow it. All devices are fully managed corporate owned devices. The devices are all Google Pixel 8 or 8a devices. Is this a bug in 15 or am I missing something?
GBoard - Suggestion Strip
Hi, We want to use GBoard on kiosk devices but we aren't able to remove the suggestion strip using managed configurations. All other settings can be configured fine though. The show suggestion strip configuration is set to disabled. But with versions 15.x and 16.x of GBoard it's still visible on the devices. And when checking the setting locally on the device it's still enabled (Disabling manually works fine) Back in version 14.x this configuration worked fine. Anyone else who has experienced the same thing? We've tested this on devices from Samsung, Bluebird, ELO, and Zebra. Android version doesn't seem to have any impact, just the GBoard version. // Magnus
Android Enterprise Partner Application/Quota Status
Hi, We own and manage an asset management solution used by various clients. Recently (in the last 12 months) we have implemented an MDM/EMM type of solution that uses the Android Management API to enrol/register devices and assist clients with their asset management processes and managing risk through the Android Management API. Now, from an Android Management API perspective, we understand the permissible usage policies and believe we do comply with the requirement. When we originally started the endeavour, the quota on how many device can be registered was a default of 500 devices. We recently noted when some clients try to enrol/register devices, that during the set up process on their devices, that it states that they have reached the usage capacity limits. When we checked the project(s) associated with the clients, most have between 200 - 380 devices enrolled/registered which is below the 500 device qouta. More recently, we noted that the Android Management API permissible usage policies were changed/updated on 29 October 2025 from a default of 500 devices to having to request an initial quota of 500. This means that that enterprises or projects we have recently set up would fail. We submit a request for a quota increase on earlier projects and a request for an initial quota on a new project. This was more than a week, or 7 working days, ago. We also submit an application to become and Android Enterprise Partner on the 12th of November 2025 which we received a response with additional questions about two days later which we responded to promptly. The challenge here is managing client expectations and frustrations in not being able to enroll/register and additional devices, with one client looking to enrol/register over 5000 devices and another prospective client having over 15000 devices. Is there any way we can see the progress on the quota increase/initial quota requests and progress of the partner application or whether there is any other questions or concerns we can remediate to move forward? Its been a challenging week trying to manage our frustrated clients and really want to use the Android Management API and Android Enterprise much more in the future but the limitations are prohibiting us from doing so. Any assistance or perhaps someone we can contact would be appreciated.My application was rejected
Hello, good afternoon everyone. I'm writing to this forum to ask for help. A few weeks ago, I applied for the EMM and Enterprise Android Partner program. My application was rejected without any explanation in the emails. I'd like to know the requirements to join the program. We are a development company based in Guatemala and the United States (and soon in Mexico and Colombia), as we currently have a client requesting an MDM system for their Android device retail store. This is our first time applying to this program so we can offer our services to this client and any future clients who might be interested. If you could send me the program requirements so I can apply correctly, I would be very grateful. Have a good afternoon. Greetings from Guatemala.
