No accounts found Zero touch
as per : ZTE Portal - no account found | Android Enterprise and ChromeOS Customer Communities - 4093 I'm an admin of a Google workspace instance, let's call it Acme, LLC. This is Google Workspace Business Plus I'm an admin (not owner) of a Android Zero Touch instance, with the ability to make changes to: Configs Devices Users Resellers, etc I've logged into Workspace.google.com for Acme, Inc. Gone to Devices, Mobile & Endpoints, Settings, Enrollment, Manage Zero Touch devices, Link, log in using AZTE user and get the rather lovely: MDM is set to advanced, by the way
Fido2 key and their issues using them on Android
First, do Android support using Fido2 keys on Android? Yes, it does support both using bluetooth, NFC and USB authentication. For reference: https://developers.google.com/identity/fido/android/native-apps But does it mean that it is straight forward to use it in a enterprise environment without hiccups? No, the support lacks many features that both Windows and iOS has supported for long time. If I buy a modern Fido2 with OTP support, will it work straight out of the box for using the USB? No, you need to disable the OTP support first. Here is how you can do that from yubikey manager, this works for Yubikey. Other vendors might have something similar. But for Fido2 keys without OTP support, it should work out of the box for USB-C, like Google titan. Why this happens, dont know. Can we use NFC for Entra ID authentication like we can on Windows and iOS? No. Android does not currently support CTAP2 for NFC, only for USB-C input. CTAP1 (FIDO U2F) supports certificate based authentication, but CTAP supports user verification with PIN and biometrics. Entra ID requires UV (user verification) before accepting login. As far as I know, there is also support for bluetooth. But I dont have any fido2 keys that support bluetooth yet. So why does this matter? With Android you can have shared devices with secure login for multiple users with a single log in for all supported apps, auto log off and many other possibilities. https://learn.microsoft.com/en-us/entra/identity-platform/msal-shared-devices Other sources/discussions: https://www.reddit.com/r/yubikey/comments/1oncuh2/whats_the_point_of_nfc_on_android/ https://www.reddit.com/r/yubikey/comments/13tlzoc/fido2_inconsistent_across_windowsandroid/ https://fidoalliance.org/specifications/
Unable to upload bulk CSV file to ZeroTouch
Hi Team, Is there currently an issue uploading a bulk .csv file to ZeroTouch? It's giving me an error. See below. Steps below: I downloaded the sample .csv file then updated it with my data, then uploading it again to the portal as is without changing the name or file extension as seeing above, yet its giving me an error. This was working not long ago, just wondering if there is currently an issue. ThanksAndroid 15 Setup Wizard loops at âAccept Google Servicesâ on Lenovo Tab M11 (TB311FU)
Hi all, I'm running into a blocking issue provisioning brand-new (and factory-reset) Lenovo Tab M11 - TB311FU devices on Android 15 with Android Management API (fully managed / dedicated, kiosk). On Android 14 everything worked fine with the exact same policy and enrollment flow. The issue only started after updating to Android 15. (this is my test device, i constantly factory reset it) Expected behavior: Standard QR (6-tap) provisioning to proceed past the âAccept Google Servicesâ screen, install Android Device Policy, enroll to my enterprise, and apply the kiosk policy, install app, and done. What happens instead: After Wi-Fi and scanning the AMAPI QR token, Setup Wizard reaches âAccept Google Servicesâ. Tapping Accept shows a spinner, then it returns to the same screen (loop). I simply cannot get past this point. If I reboot at this point, on the very first Welcome screen the device sometimes becomes unresponsive (neither 6-tap nor âNextâ reacts) until I factory reset again. Is there a known Android 15 Setup Wizard issue that can cause a loop at âAccept Google Servicesâ on Lenovo TB311FU? Any workarounds you'd recommend to get past the acceptance loop? When factory resetting, and setting up the tablet without scanning the qr code, i get past the Google Services no problem. When i install via qr-code on new fresh never used before tablets, that come pre-installed with Android 14, i don't have any issues. Same policy, same everything... except the Android version. Thanks in advance! /B
Rejection From AM-API initial quota approval
So, we were developing our EMM solution (almost done), and now for deployment purposes, we had to apply for an initial quota via the form. apparently we got a rejection email, stating the use case violates the permissible usages which i've ready and doesnt look like we do. I'd like to reach out to those folks (or if someone can help me connect to them) and try to understand their POV and clarify in case of any mis-phrasing from my side (since english isn't my first language) Regards, Rino JamesSet up a new Android Enterprise domain in Intune/EMM when an old-style Google Account is still connected
Hi, I have a situation similar to this older discussion - situation as follows: My EMM is MS Intune. Managed Goole Play Store was set up in April 2024 before the new method of creating Android Enterprise admin accounts on a managed Google domain - using a normal Gmail account This Gmail/Google account was forcibly deleted in the last month, presumably for inactivity, as the first linked discussion describes. Only the final termination email was ever sent to the recovery email, no other warnings were received. Recovery was not possible (it just said that no recovery methods were set up, even though there was a recovery email - hence the warnings...!) and now the account shows as nonexistent rather than potentially recoverable, although it's less than the quoted 30 days that recovery is available. I have seen (Community Manager) Lizzie's helpful posts and advice from a couple of years ago, including this article describing the potential for having support migrate the EMM bind from one account to another. However, I don't yet have another account to migrate to, since I would be moving from an old Gmail account to a new managed domain account - which I don't yet have, as I can't sign up as a 'new customer' to Android Enterprise within Intune, because the old bind still exists, and I haven't found anything to tell me how to sign up other than going through the EMM. I want to keep the old bind active so it doesn't break existing devices, even though I think that's what's stopping me signing up to Android Enterprise in the new way. Removing this existing orphaned bind will break everything, and Lizzie's info in other posts has suggested that the bind will stay mostly-working if left alone, whereas removing it will trigger retirement of all devices. MS/Intune support don't seem to be aware of the possibility of contacting Google support to migrate a bind, but even if they were, I don't yet know what to tell them (as I have no new destination account, of course). They just advise me that it will need a new account and re-enrolment of all devices, which I'm hoping to avoid. I know this is convoluted, but that's why I was hoping for help. Is there a way to get a new Android Enterprise admin account set up, using the new managed domain method, without breaking the existing bind - and then to migrate the bind across? Thanks Dev
Enable third party EMM (Intune)
So I am trying to enable Managed Google Play in Intune to use for Android device management. We already have a managed Google domain, but we have device management turned off. To my knowledge we only use it for Workplace. When I try to enable managed google play in Intune I get two different error messages Any ideas or tips of what we need to enable or open up in the Google admin console to enable third party EMM? Does the account I am using to enable managed google play have to be a google super admin or something?
Android 15 - Cannot set default password app
We use Microsoft Intune to manage devices. For the devices which have upgraded to Android 15, the end users can no longer select Microsoft Authenticator as their default application for auto filling passwords. I cannot find any settings in Intune to allow it. All devices are fully managed corporate owned devices. The devices are all Google Pixel 8 or 8a devices. Is this a bug in 15 or am I missing something? â
