cope
11 TopicsZero Touch MDM Phones Randomly Factory Resetting
Hello We have been having an issue over the past few weeks/months where Android devices are randomly resetting. The phones are zero touch enrolled and managed by Intune via COPE, we apply configuration and compliance policies to these devices. One of these configurations enforces a device wipe after so many failed pin code failures. This is the only known wipe configuration set on the devices. We have exhausted the configuration side and do not see a root cause other than user error, however this is not really likely given it takes some effort to actually do this. From googling online, we can see that this may be an issue relating to the play version not updating correctly, is this still an issue? Random factory resets after devices complete GZT configuration. | Android Enterprise Customer Community - 2236 These devices are a mix of newly enrolled and also old enrolled devices. They have also been setup with Wi-Fi. Thanks84Views0likes2CommentsWidgets on COPE - MS Intune
Hey, Unfortunately there are no settings and/or no chance configure Widgets on COPE in MS Intune. There is specific setting in Intune restrictions config profile to allow/disallow Widgets for BYOD method. Is this problem tied only MS Intune or is this something for Google? Majority of our 10k fleet enrolled as COPE and it's a big gap not having widgets available for Work Apps. Thanks Jarmo8KViews0likes19CommentsZTE - Unable to Bulk deregister devices
Hi Team, Im having issues when trying to do a bulk device deregister. Getting an error message "Something went wrong - Try uploading your file again" and its not telling me what the issue is. My current file format is .CSV and the table is as follow: modemtype modemid manufacturer profiletype owner IMEI 123456789012345 Motorola ZERO_TOUCH 0 Can you tell me what I'm doing wrong? Thanks ----------------- I'm following the below instructions: https://support.google.com/work/android/answer/7514005#csv&zippy=%2Cdevice-configuration-csv-file-format%2Cdevices%2Capply-a-configuration-to-many-devices%2Cderegister-a-device Bulk deregister devices Deregistering multiple devices in bulk can be done using a device configuration CSV file. To do this: Create a device configuration CSV file including every device you wish to deregister. Replace the 'profileid' column in this CSV file with a column titled 'owner', and set the values in this column to 0. Re-upload the CSV to your portal.16Views0likes1CommentEnhancing Android Enterprise OS Update Management
Hi, The way the Android API implements OS update management on Android Enterprise devices is not particularly useful for devices with user affinity. Are there any upcoming API changes for EMM solutions like Microsoft Intune? From my experience with the current API: AUTOMATIC – The OS update is installed as soon as it becomes available via OTA, which is not practical for real-time scenarios. WINDOWED – Similar to AUTOMATIC but with the limitation that OS updates can only be installed within a defined maintenance window. This means that if a user needs to update their device due to a software bug fixed in the latest OS version, they may not be able to do so immediately if the maintenance window is set outside working hours. Source: https://support.google.com/work/android/answer/13791272?hl=en#zippy=%2Cmanaging-system-updates-using-system-update-policies Suggested Improvements: Provide an option to control OS updates on BYOD (Work Profile only). I understand that when enrolling a device through Work Profile, only the work container can be managed via EMM. Google may need to reconsider this approach. It would be beneficial to have an approach similar to Apple’s, where EMM admins can manage OS updates (e.g., push specific updates, set deadlines, etc.) through DDM (Declarative Device Management - Source: https://support.apple.com/en-gb/guide/deployment/depc30268577/web ), even on BYOD devices (Device Enrollment) — without requiring supervision like DO (Device Owner mode). I’m aware that Samsung Knox E-FOTA exists, but it is limited to Samsung devices. Expanding this capability to all Android devices (like Google Pixel devices) would greatly improve update management in enterprise environments. BR, Marco131Views2likes5Comments(COPE) Hide app in work profile
Hello, I have a small case I'd like to submit to the community for help please. A customer use Mobile Iron, and use Zero Touch to enroll our Android 14 products. In their DPC extras, they enabled the system apps and need to keep that way: "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true, "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{ "workProfileEnabled": true, "quickStart":"true" } Now after the device is enrolled, the Work profile is filled with bunch of apps including unwanted ones like Netflix, Adobe, YT kids, ... From Mobile Iron, they want to hide/disable some apps, using "setApplicationHidden" but it doesn't work. At OEM side, we tested this API with the Test DPC and it works properly. My thinking was that as we are in COPE, and the apps that the customer wants to remove are from the Personal space, then this is not working as the MDM cannot interact with Personal space content. Does this make sense? Are there a way to hide the unwanted apps from the Work profile, despite having "leave all system apps" enabled from the ZT DPC extras? Anyone has any suggestions please? Thanks!270Views3likes13CommentsBasic WiFi-profiles (configuration profiles) do not deploy into Device
Dear all, Since three weeks ago we noticed issue to deploy basic Configuration profiles (WiFi) into devices (MDM is Intune). Problem ONLY occurs with newly enrolled COPE devices running on Android 15. So we think it's Android 15 (Google) issue on COPE enrolled devices because all the other scenarios working fine: BYOD enrolled devices get WiFi profiles successfully deployed to device (Android 14/15) COPE enrolled devices get WiFi profiles successfully deployed to device (Android 14) COPE enrolled devices do NOT get WiFi profiles successfully deployed to device (Android 15) Anyone else noticed the same/similar issue with Configuration profiles with Android 15 clients? Best Regards JarmoSolved2.9KViews2likes19CommentsRequest for Android Community: Advice and Help on Playing Pre-Recorded Voice on Calls
To the Esteemed Android Developer Community, I am seeking your expert advice to understand whether my task is feasible on the Android platform. I aim to implement the following functionality: Task Description: Objective: I want to create an Android app that plays a pre-recorded voice message during a phone call. The app will: Automatically answer an incoming call when it is ON. Play a pre-recorded audio file stored on the user's phone (recorded by the user). Audio Content: “I am busy right now, call back after some time.” Disconnect the call after playing the message. Usage Scenario: This feature will be used only when the app is ON. It is intended for times when the user is busy and wants to inform the caller without manually attending the call. Key Requirements: Detect and answer incoming calls automatically. Play the recorded voice message to the caller. Ensure the caller hears the message clearly on their end. Disconnect the call programmatically after the message is played. Questions for the Community: Is this Task Feasible? Can the Android platform route a pre-recorded voice file to the call audio stream (STREAM_VOICE_CALL) so the caller can hear it? Are there technical or carrier-level restrictions that could prevent this functionality? Android APIs or Services: Are there specific APIs, such as TelecomManager, CallScreeningService, or AudioManager, that can handle this requirement effectively? Privacy and Legal Concerns: Are there any privacy or legal considerations (e.g., notifying the caller) that I should be aware of when implementing this feature? Compatibility Across Devices: How can I ensure compatibility across different Android devices and versions (API 26 and above)? Additional Information: Voice File: The pre-recorded message is stored locally on the user’s phone in a secure folder. App Activation: The functionality will work only when the app is manually turned ON by the user. Intent: This is a personal productivity tool to handle calls during busy periods. Help Needed: Advice: Can you confirm whether this task is achievable on the Android platform with existing APIs and hardware? Are there specific approaches or best practices to consider for implementing this? Code Implementation: I am looking to hire an experienced Android developer who can: Write fully working code to achieve this task. Ensure the solution is robust, privacy-compliant, and compatible across devices. I deeply appreciate the Android community's expertise and guidance. Your input will help me determine the feasibility and approach for this project. If you have any suggestions, insights, or are interested in developing this, please reply to this request.309Views1like2CommentsCopy-paste issue (COPE)
Hello Everyone, I have a slight issue with copy-paste on Corporate owned, personal enabled devices (COPE) managed via Intune. To put it simple - people can copy text from work profile to personal. Happy to be pointed to the basics if I missed something obvious, but I feel stuck. Intune configuration for COPE devices has 2 values: "allow" or "not configured" (not helpful). I had support cases open with Microsoft and Samsung, but former blames OS defaults, while latter blames Intune (not helpful). I couldn't identify the setting in OEMConfig (Knox Service Plugin), so got Google Enterprise account, configured it for Zero Touch enrolment using Intune token and realised that I was looking into "crossProfileCopyPaste" control and don't have a clue how to use it in DPC extras and if that's even possible. Is it possible to use AMAPI with Intune management? If yes, does anyone have any examples? What are other ways to restrict copy-paste from work profile to personal? I find it difficult to believe I'm the only one having the issue. Thank you in advance12KViews1like29CommentsFactory Reset Protection and Captive Portals
A bit of background on this, we're currently moving to use COPE Enrolment for all of our devices after using BYOD Enrolment for devices purchased by our org. Utilising BYOD we had issues with users signing into their gmail accounts and leaving the business and we were locked out of the device by Factory Reset Protection (We've used Knox Mobile Enrolment to solve this). This all made sense as it was a BYOD device and for consumers etc it makes a lot of sense. The problem we've encountered is even with COPE enroled devices, if a user doesn't remove their gmail account from the personal profile before resetting the device when the device is used again you're unable to use a Captive Portal network for setup again and this error message is received - "Unable to sign in to Wi-Fi AP. An unauthorised factory reset has been performed on this device. the sign-in screen cannot be accessed." Even after enrolling the device using a WPA2/3 Network and signing in with the google account in question and manually removing it then resetting the device we still have this issue, it's as if the FRP flag gets set and isn't being removed for some reason. It seems odd any network and even cellular allows you to continue but a captive portal connection doesn't. Has anyone else encountered this issue? Thanks.Solved9.5KViews0likes12CommentsSamsung Secure Folder and DUAL messenger features - not available in COPE
Dear community, hope everyone had lovely Christmas time! I just wanted to raise one issue you also might been run into. It's about Samsung Secure Folder and Dual Messenger features on COPE enrolled devices. Unfortunately these features are not available in COPE enrolled Samsung devices. We used to have all 10k fleet enrolled as BYOD and Secure Folder/Dual Messenger features were/are available. Now only personal owned devices are enrolled as BYOD and corporate owned devices are enrolled as COPE method. Unfortunately there is no setting available for us to make this work on the COPE enrolled devices on EMM side. According to Samsung, they have not updated Secure Folder software in 5 years and and don't necessarily expect we will get any update. The "error message" is very misleading: "Security policy prevents the installation of Secure Folder". Because there is no security policy setup in EMM (Microsoft Intune) for this feature. It's just pure Samsung thing. As mentioned... Samsung Secure Folder solution does not work on COPE enrolled Samsung devices but nice surprise is that on ThinkPhone (Motorola) , Secure Folder works even on COPE. This also implies that Samsung really could make it work if they wanted to put in the development effort, as it is not totally restricted by the Android Enterprise architecture of COPE since the ThinkPhone is able to do it. But so far Samsung does not seem to still support this app much. More on this topic from here: https://communities.vmware.com/t5/Workspace-ONE-Discussions/Android-Samsung-Impossible-to-enable-Dual-Messenger-feature-or/td-p/2260737 -jarmo6.8KViews1like4Comments