Fido2 key and their issues using them on Android
First, do Android support using Fido2 keys on Android? Yes, it does support both using bluetooth, NFC and USB authentication. For reference: https://developers.google.com/identity/fido/android/native-apps But does it mean that it is straight forward to use it in a enterprise environment without hiccups? No, the support lacks many features that both Windows and iOS has supported for long time. If I buy a modern Fido2 with OTP support, will it work straight out of the box for using the USB? No, you need to disable the OTP support first. Here is how you can do that from yubikey manager, this works for Yubikey. Other vendors might have something similar. But for Fido2 keys without OTP support, it should work out of the box for USB-C, like Google titan. Why this happens, dont know. Can we use NFC for Entra ID authentication like we can on Windows and iOS? No. Android does not currently support CTAP2 for NFC, only for USB-C input. CTAP1 (FIDO U2F) supports certificate based authentication, but CTAP supports user verification with PIN and biometrics. Entra ID requires UV (user verification) before accepting login. As far as I know, there is also support for bluetooth. But I dont have any fido2 keys that support bluetooth yet. So why does this matter? With Android you can have shared devices with secure login for multiple users with a single log in for all supported apps, auto log off and many other possibilities. https://learn.microsoft.com/en-us/entra/identity-platform/msal-shared-devices Other sources/discussions: https://www.reddit.com/r/yubikey/comments/1oncuh2/whats_the_point_of_nfc_on_android/ https://www.reddit.com/r/yubikey/comments/13tlzoc/fido2_inconsistent_across_windowsandroid/ https://fidoalliance.org/specifications/
GBoard - Suggestion Strip
Hi, We want to use GBoard on kiosk devices but we aren't able to remove the suggestion strip using managed configurations. All other settings can be configured fine though. The show suggestion strip configuration is set to disabled. But with versions 15.x and 16.x of GBoard it's still visible on the devices. And when checking the setting locally on the device it's still enabled (Disabling manually works fine) Back in version 14.x this configuration worked fine. Anyone else who has experienced the same thing? We've tested this on devices from Samsung, Bluebird, ELO, and Zebra. Android version doesn't seem to have any impact, just the GBoard version. // Magnus
Android 15 - Cannot set default password app
We use Microsoft Intune to manage devices. For the devices which have upgraded to Android 15, the end users can no longer select Microsoft Authenticator as their default application for auto filling passwords. I cannot find any settings in Intune to allow it. All devices are fully managed corporate owned devices. The devices are all Google Pixel 8 or 8a devices. Is this a bug in 15 or am I missing something?
Install client certificate via Android Management API Policies - OncCertificateProvider
Hello community, I am trying to install a client certificate on fully managed Android devices. The devices have been enrolled via Android Management API. The docs show that there is a OncCertificateProvider policy, but it says it is "not generally available". What does that mean? Will it be available in the future? Where can I apply for using this policy? The specific thing I want to achieve is configuring Cisco AnyConnect/SecureClient with cert authentication. The managed config of the Cisco app allows me to set a "KeyChain Certificate Alias", but I first need to get the cert into the Android KeyChain somehow. I also tried to send the client cert via openNetworkConfiguration, but it does not appear in the key chain (in the settings app) of the device, although the policy is applied without any problems (as reported by Android Management API). I guess those certs here are only used for network config and not stored in the key chain for usage with e.g. VPN apps. Thanks.My application was rejected
Hello, good afternoon everyone. I'm writing to this forum to ask for help. A few weeks ago, I applied for the EMM and Enterprise Android Partner program. My application was rejected without any explanation in the emails. I'd like to know the requirements to join the program. We are a development company based in Guatemala and the United States (and soon in Mexico and Colombia), as we currently have a client requesting an MDM system for their Android device retail store. This is our first time applying to this program so we can offer our services to this client and any future clients who might be interested. If you could send me the program requirements so I can apply correctly, I would be very grateful. Have a good afternoon. Greetings from Guatemala.
zero-touch; Owner credentials lost
Hi, we have a few Zebra devices registered for zero-touch and plan to use zero-touch for all regular mobile devices. the registration and all existing accounts linked to it was created by team members that are unfortunately no longer with us. i do have access to one account with administrator permissions but the account with the "owner" permission was not handed over and credentials are basically lost. which steps are necessary to recover ownership?
Issues with use of Personal Digital Certificates on Android Devices Managed via Google Workspace MDM
Hello everyone, I’m reaching out from my company as we have encountered an issue with the installation and use of personal digital certificates issued by FNMT (Spain) on Android devices managed through Google Workspace MDM. The certificates install correctly, but apps that should use them (e.g., for Wi-Fi authentication or access to internal services) do not detect or recognize these certificates. We have tested on unmanaged Android devices, and the certificates work fine there, so it seems related to Google Workspace MDM management. We’ve confirmed with the certification authority (FNMT) that their certificates comply with standards. Google mentioned that MDM should not block certificates unless there is a policy configured to do so. However, this problem seems to persist regardless. Additionally, other companies have reported similar issues with personal certificates issued by different certification authorities, which suggests a possible systemic incompatibility or configuration issue within the Google Workspace MDM environment affecting the proper functioning of these certificates. Has anyone else experienced this? Are there known workarounds or configuration tips that could help? Any insights or advice would be greatly appreciated. Thanks in advance! FranciscoAccent on french keyboard has changed in Android 15 (and also 16)
Hello, Since android 15, some characters are not taken into account correctly. For example the tilde character is showned on top if you use an external keyboard (Alt Gr + "é") and is showned on the middle of the character if you use the onscreen keyboard. Example in android 16 (but 15 seems to be the same): On external keyboard: "˜" On onscreen keyboard: "~" In our barcodes we sometimes use this character and thus it is an issue after updating to Android 15 the devices in production. does other French people see this or any character change ? (It seems the "¨" also changed) Lizzie , is there someone in your contacts we can discuss / exchange with on this topic ?
How to view and remove enrolled devices, and how quotas are applied
We are developing a solution using Android Management. While enrolling a fully managed device, provisioning now fails with: - "Can't set up device" - "Since your organization reached its usage limits, this device can't be set up." This did not occur until yesterday. We are trying to determine whether this quota limit is enforced by the Android Management API (EMM side) or by Google Workspace when connecting to a third‑party EMM. If the limit is on the EMM side, is the quota granted per project? We have two Google Cloud projects using the Android Management API; the issue is only affecting the newer project. Questions: 1) Where can we monitor quota usage for Android Management? 2) If we have reached a quota, is there a way to remove previously enrolled test devices, and would that resolve the issue? 3) Where can we find detailed information about quotas and currently enrolled devices?
Google keyboard not appearing automatically
Have a bit of an emergency where after the latest Gboard update, when users tap an input field, instead of Gboard just showing up as normal, a menu bubble is appearing instead where they have to tap it and select the "show on screen keyboard" option. I haven't been able to locate Google's release notes for Gboard to see if there was something that changed. Any ideas would be greatly appreciated!
