Need Help with QR Enrollment for Multiple Devices in Educational Environment – Is External MDM Required?
Hi everyone, I'm managing a large number of Android tablets in an educational environment. I'm trying to enroll the devices using Android Enterprise with QR code enrollment, but I'm having trouble getting the QR method to appear. So far, only Zero-Touch shows as an option, but most of our devices were not purchased through Zero-Touch resellers, so we can't use that method. My main question is: Is it strictly necessary to use an external MDM (like Miradore, Intune, etc.) to generate the QR code, or is there a way to create and use it directly from the Google Admin console or natively through Android Enterprise? We want to deploy the tablets efficiently and avoid entering accounts manually. Ideally, each device would automatically enroll with our managed Google Play account by scanning a QR code after a factory reset. This is especially important in a school context, where we have many students and limited time for configuration. We are already registered in Google Workspace, and the tablets are in a dedicated organizational unit for students. The admin account is managed, and we are using the Android Enterprise platform linked to our domain. For reference, here are two YouTube videos showing the configuration steps I followed (which reflect our current setup): https://www.youtube.com/watch?v=jI-C_y1u8jE https://www.youtube.com/watch?v=h__pvfp559Q Any advice or clarification would be greatly appreciated. Especially if there’s a native way to enable QR enrollment without needing a full external MDM platform. Thanks in advance!
Zero Touch Portal - Error Message
Hi Team, I have created a new configuration item and linked it to Microsoft Intune token. Then I have decided to remove the Intune token configuration before removing the configuration file from Zero touch (which I dont think it should matter). Then I went to remove the configuration item from Zero touch and was getting a strange error message, see below. Now I'm left with a configuration item in Zero touch that I can't remove. Can someone please help or reach out, that would be great. Also, let me know if there is anything else you require from my end.Does anyone allow multiple users on their Androids?
I've got a use case for some multi-user Android tablets and I'm trying to figure out the best solution. I know Android allows you to create secondary users by default but it appears that Microsoft Intune is disabling this setting automatically. Doesn't seem to be a way to allow it given that the only options are block or not configured. I put in a ticket with Microsoft and I'm sure their answer will be to use Microsoft Entra Shared Mode and the Managed Home Screen but that doesn't work very well. Also, it appears multi-user functionality is documented by Google and an EMM can set it up so the user can create secondary users using the standard Android settings or the DPC can create the secondary user. Also looks like there's some work to be done as far as making sure the DPC can still manage the secondary users as well. https://developer.android.com/work/dpc/dedicated-devices/multiple-users So I am curious for those using other EMMs: do you allow secondary users on any of your Android devices?
MDM configuration became lost
A few years ago we added an MDM configuration to our app, according to the straightforward guide Setup managed configuration Previous month we released a new 15.0.0 version of our app, IQ SmartApp Enterprise Besides other changes, in this release we removed one option from the MDM configuration XML, a deprecated boolean parameter. Indeed the XML validity wasn't broken, no related changes in the app Manifest or so on. However our customers started to complain, that app lost the ability to configure MDM parameters. Also, when adding the app to Approved list on MDM Solutions (we checked on HMD and TinyMDM), in the app details was lost a badge "Tis app offers managed configuration". If download AAB and/or APK from Google Play Console and unpack them, or open them in Android Studio, the required Android Manifest parameter "android.content.APP_RESTRICTIONS" is present and pints to MDM XML config file which is also present in the AAB or APK. If check the APK, taken from Google Play Console, locally with TestDPC app, the managed configuration is also present. Can you please help to understand, what's going on? As for me, removing one of the MDM parameter from the managed configuration config shouldn't be a reason of disappearing the whole managed configuration. Which is actually present in the AAB or APK builds.
Play Protect Blocking Custom DPC Apps — How to Get Approval or Alternatives?
Hi everyone, I'm a developer who helps enterprises build custom DPC (Device Policy Controller) Reference Documentation apps to manage Android devices based on their unique requirements. Recently, Play Protect has started blocking the installation of custom DPC apps, even when these apps are signed and used internally. The warning claims the app may pose a risk due to access to sensitive data - even though it's strictly for enterprise use. To make things more difficult: Google is no longer accepting registration of custom DPC apps with Android Enterprise, which limits official distribution and management options. Android Management APIs don’t support all use cases, and also have quote limit. I’ve applied twice to join the Android Enterprise portal to build a SaaS-based device management platform, but both requests were rejected without a clear reason. My questions for the community: Is there any official way to get a custom DPC app approved or whitelisted by Play Protect? Are there any alternative ways to manage Android devices at scale (outside of AMAPI or legacy EMM)? How can new developers or startups gain access to Android Enterprise features when onboarding is currently restricted? Any help, direction, or shared experience would be greatly appreciated. Thanks, Kulwinder
Google services
We have a cloud customer on SoTI mobicontrol who wants to block all outbound traffic in their firewall and only allow what is strictly required. I’ve provided the customer with the official system requirements for SOTI MobiControl and Android Enterprise. However, the customer is only familiar with managing Apple devices and is looking to open the absolute minimum necessary for Android Enterprise to function — particularly avoiding wildcard domains (*) where possible. Can anyone help clarify which Android Enterprise network requirements are actually essential, especially when it comes to Google services, and which ones we can safely leave out? No file sharings, and remote control will be allowed by the customer.
Migration from Airwatch to Android Management API
One of our customers is currently onboarded to Airwatch to manage their devices, but they want to move to our Android Management API (AMA) based device management solution. Is there any support available to silently migrate these devices? Or is the only way to wipe the devices and onboard AMA. I see there is support if we own the custom DPC application. But in this case since its owned by Airwatch its out of our control.
Caching Google Play Applications for Deployment via EMM
Hi, Does Google offer any caching service to help reduce bandwidth usage when deploying apps through an EMM solution? For example, in the case of public iOS applications, Apple provides a Content Caching service that speeds up downloads and reduces bandwidth consumption: https://support.apple.com/en-gb/guide/deployment/depde72e125f/web. Regards.
Device Attestation: Auto-Select Client Cert + User Login on Android
Hi everyone, I’m trying to use client certificate authentication (mTLS) with Chrome Custom Tabs on Android. We want to automatically select the client certificate without prompting the user, and also ask for their username and password as part of the login process. This way, we can combine both certificate-based authentication and user credentials for device attestation. On desktop Chrome, this can be done using a policy like AutoselectCertificateForUrls, but it seems this doesn’t work on Android. If this is a known limitation, is there a way to request this feature from the Android or Chrome team?
