Need Help with QR Enrollment for Multiple Devices in Educational Environment – Is External MDM Required?
Hi everyone, I'm managing a large number of Android tablets in an educational environment. I'm trying to enroll the devices using Android Enterprise with QR code enrollment, but I'm having trouble getting the QR method to appear. So far, only Zero-Touch shows as an option, but most of our devices were not purchased through Zero-Touch resellers, so we can't use that method. My main question is: Is it strictly necessary to use an external MDM (like Miradore, Intune, etc.) to generate the QR code, or is there a way to create and use it directly from the Google Admin console or natively through Android Enterprise? We want to deploy the tablets efficiently and avoid entering accounts manually. Ideally, each device would automatically enroll with our managed Google Play account by scanning a QR code after a factory reset. This is especially important in a school context, where we have many students and limited time for configuration. We are already registered in Google Workspace, and the tablets are in a dedicated organizational unit for students. The admin account is managed, and we are using the Android Enterprise platform linked to our domain. For reference, here are two YouTube videos showing the configuration steps I followed (which reflect our current setup): https://www.youtube.com/watch?v=jI-C_y1u8jE https://www.youtube.com/watch?v=h__pvfp559Q Any advice or clarification would be greatly appreciated. Especially if there’s a native way to enable QR enrollment without needing a full external MDM platform. Thanks in advance!
Zero Touch Portal - Error Message
Hi Team, I have created a new configuration item and linked it to Microsoft Intune token. Then I have decided to remove the Intune token configuration before removing the configuration file from Zero touch (which I dont think it should matter). Then I went to remove the configuration item from Zero touch and was getting a strange error message, see below. Now I'm left with a configuration item in Zero touch that I can't remove. Can someone please help or reach out, that would be great. Also, let me know if there is anything else you require from my end.Does anyone allow multiple users on their Androids?
I've got a use case for some multi-user Android tablets and I'm trying to figure out the best solution. I know Android allows you to create secondary users by default but it appears that Microsoft Intune is disabling this setting automatically. Doesn't seem to be a way to allow it given that the only options are block or not configured. I put in a ticket with Microsoft and I'm sure their answer will be to use Microsoft Entra Shared Mode and the Managed Home Screen but that doesn't work very well. Also, it appears multi-user functionality is documented by Google and an EMM can set it up so the user can create secondary users using the standard Android settings or the DPC can create the secondary user. Also looks like there's some work to be done as far as making sure the DPC can still manage the secondary users as well. https://developer.android.com/work/dpc/dedicated-devices/multiple-users So I am curious for those using other EMMs: do you allow secondary users on any of your Android devices?
Using paid apps in corporate environments
Hi all, I'm just wandering about using paid apps on work devices and wanted to know how others here are working with paid apps. Another brand I shall not name makes it possible to purchase apps via a portal and then deploy those apps to your end users. But Google / Managed Google play does not offer such a solution. It makes it difficult to deploy paid apps. While most apps offer license options outside the playstore, not all of them do. How do people on the community deploy paid apps that need to be purchased through the playstore? As said before, just wandering what solutions people use to better advise our customers in such cases. I don't get this question a lot, but every few weeks it pops up somewhere (mainly because we also provide services on the dark side hardware). I'm aware that this has been mentioned a few years ago on this community, but just seeing if this have evolved. Distributing Paid Apps | Android Enterprise Customer Community - 653 Thanks! Michel
Play Protect Blocking Custom DPC Apps — How to Get Approval or Alternatives?
Hi everyone, I'm a developer who helps enterprises build custom DPC (Device Policy Controller) Reference Documentation apps to manage Android devices based on their unique requirements. Recently, Play Protect has started blocking the installation of custom DPC apps, even when these apps are signed and used internally. The warning claims the app may pose a risk due to access to sensitive data - even though it's strictly for enterprise use. To make things more difficult: Google is no longer accepting registration of custom DPC apps with Android Enterprise, which limits official distribution and management options. Android Management APIs don’t support all use cases, and also have quote limit. I’ve applied twice to join the Android Enterprise portal to build a SaaS-based device management platform, but both requests were rejected without a clear reason. My questions for the community: Is there any official way to get a custom DPC app approved or whitelisted by Play Protect? Are there any alternative ways to manage Android devices at scale (outside of AMAPI or legacy EMM)? How can new developers or startups gain access to Android Enterprise features when onboarding is currently restricted? Any help, direction, or shared experience would be greatly appreciated. Thanks, Kulwinder
Google services
We have a cloud customer on SoTI mobicontrol who wants to block all outbound traffic in their firewall and only allow what is strictly required. I’ve provided the customer with the official system requirements for SOTI MobiControl and Android Enterprise. However, the customer is only familiar with managing Apple devices and is looking to open the absolute minimum necessary for Android Enterprise to function — particularly avoiding wildcard domains (*) where possible. Can anyone help clarify which Android Enterprise network requirements are actually essential, especially when it comes to Google services, and which ones we can safely leave out? No file sharings, and remote control will be allowed by the customer.
Migration from Airwatch to Android Management API
One of our customers is currently onboarded to Airwatch to manage their devices, but they want to move to our Android Management API (AMA) based device management solution. Is there any support available to silently migrate these devices? Or is the only way to wipe the devices and onboard AMA. I see there is support if we own the custom DPC application. But in this case since its owned by Airwatch its out of our control.
Zero Touch Customer API Feature Request
{written in Gemini ;) who literally wrote this out perfectly} I'm requesting an enhancement to the Android Device Provisioning API (Zero Touch) to include filtering capabilities, specifically the ability to filter devices by serial number (and other relevant fields) in the initial API call. Current Situation: Currently, the API lacks direct filtering. As demonstrated in the code below, to find a device by its serial number, we must: Make a call to list all devices for a customer. Iterate through the entire list of devices in the response to find the specific device. Iterate through any following pages if not found on the first page. This is inefficient, especially for customers with a large number of provisioned devices. const listDevicesUrl = `https://androidprovisioning.googleapis.com/v1/customers/${customerId}/devices`; // ... const listResponse = await fetch(listDevicesUrl, { ... }); const listData = await listResponse.json(); let foundDevice = null; if (listData && listData.devices) { foundDevice = listData.devices.find(device => device.deviceMetadata && device.deviceMetadata.serialNumber === serialNumber); } Desired Feature: I propose adding a filter parameter to the device listing API, allowing us to directly query for devices based on specific criteria, such as serial number, manufacturer, model, and IMEI. For example, the API call could look like this: https://androidprovisioning.googleapis.com/v1/customers/{customerId}/devices?filter=serialNumber={serialNumber} This would significantly improve the efficiency of device management and reduce the amount of data that needs to be transferred and processed. Benefits: Improved Efficiency: Reduces the number of API calls and the amount of data transferred. Faster Processing: Speeds up device identification and management operations. Reduced Load: Decreases the load on Google's API servers and client applications. Simplified Development: Makes it easier for developers to integrate with the API. I believe that adding filtering capabilities to the Android Device Provisioning API would be a valuable improvement and would greatly benefit the Android Enterprise community. Thank you for considering our request.Managed Play Store keeps asking for Google Play services Update
Hey! I noticed a little bug today and wanted to ask if anyone else is experiencing this. With the update to Play Store 46.1.37-31 [0] [PR] 755161904, a push message informs you that Google Play Services must be updated. With a COPE device, this only occurs in the work profile. Even if Google Play Services is updated to the latest version (25.18.33 (190400-756823100)), the message appears as soon as you open the Managed Play Store. Lizzie Is there anything known here? The Managed Play Store works normally despite the warning in the push message. I would also have logs if required.
