fully managed

47 Topics

Play Protect Blocking Custom DPC Apps — How to Get Approval or Alternatives?
Hi everyone, I'm a developer who helps enterprises build custom DPC (Device Policy Controller) Reference Documentation apps to manage Android devices based on their unique requirements. Recently, Play Protect has started blocking the installation of custom DPC apps, even when these apps are signed and used internally. The warning claims the app may pose a risk due to access to sensitive data - even though it's strictly for enterprise use. To make things more difficult: Google is no longer accepting registration of custom DPC apps with Android Enterprise, which limits official distribution and management options. Android Management APIs don’t support all use cases, and also have quote limit. I’ve applied twice to join the Android Enterprise portal to build a SaaS-based device management platform, but both requests were rejected without a clear reason. My questions for the community: Is there any official way to get a custom DPC app approved or whitelisted by Play Protect? Are there any alternative ways to manage Android devices at scale (outside of AMAPI or legacy EMM)? How can new developers or startups gain access to Android Enterprise features when onboarding is currently restricted? Any help, direction, or shared experience would be greatly appreciated. Thanks, Kulwinder
Solved
Kulwinder
22 minutes ago Place General discussions
529Views
4likes
12Comments
Enrollment failing - Could not update Webview
We have reports of devices no longer being able to enroll. Our policy has a FORCE_INSTALL of Android Webview (com.google.android.webview), with a minimum version set to 593815300. Reproduced here with an Acer ACTAB10KB24. If I remove the minimum version requirement, I can enroll the device, and also update the webview to 139.0.7258.158. Why isn't the configuration with minimumVersionCode set working? We have previously enrolled many of these, but from our logs the latest successful enrollment was on the 16th of August (2025).
Jarle
3 hours ago Place General discussions
26Views
0likes
5Comments
Looking for solutions to assist in Bulk Management (Wipe) of Android Enterprise devices
Hi everyone, I'm turning to the community to see if there are any solutions being used out in the wild that assist with bulk wiping Android devices. I suspect that what I'm asking may not be possible - mainly due to the nature of Android Developer Options, USB Debugging etc. - but I've been I've been tasked by our management to investigate and possibly propose a solution. As an example, we currently use several Cambrionix ThunderSync3 16 port devices to DFU both iOS and macOS devices but they don't offer a similar solution for Android. Are there any solutions that can be used either in tandem with docking stations like Cambrionix or some other. Our use case is Work Managed and we use Omnissa Workspace ONE UEM to manage the devices. The devices themselves are Pixels and Samsungs. and each device is loaded into either the Google Zero Touch Portal or the Samsung Knox Portal. The expectation is that when a large number of Androids are returned for whatever reason, we'd like to be able to plug the device into a "station" and programatically wipe them en masse. Personally, I think we need to simplify our returns process and use the MDM in a controlled environment but I have to have asked these questions, due diligence and all that. Thanks in advance for your input.
Solved
Skysurfer
7 days ago Place General discussions
29Views
0likes
3Comments
Custom app installation with AMAPI
Thanks to the keen eye of jasonbayton for spotting this update in the documentation: https://developers.google.com/android/management/manage-custom-apps The lack of this feature has been a key reason I've avoided any AMAPI based EMM (looking at you Intune!) for fully managed device deployments. This is certainly a welcome enhancement to AMAPI and one that I'm honestly surprised Google delivered on. I think I can finally see the writing on the wall that Custom DPC will eventually now die given that AMAPI is finally catching up. I still need file system push and pull for it to truly be a replacement but this is a major step in the right direction. What are the community thoughts on the matter?
mattdermody
17 days ago Place General discussions
76Views
0likes
1Comment
Support for a Single VPN Instance Shared Across All Users on a Corporate-Owned Device
Hello everyone, I am exploring how to reduce resource usage on corporate-owned Android devices that are configured with multiple users or profiles. Currently, Android's VPN framework is per-user: Each user (or work profile) maintains its own VPN state. An Always-On VPN can only be configured within the context of the current user or profile. This means that if a device has several users, each user needs to run a separate VPN instance. This design results in unnecessary duplication: Multiple VPN processes or tunnels are active on the same device. System resources (CPU, battery, memory) are consumed redundantly. The VPN app itself must be installed and configured multiple times. My request/idea: Enable a single VPN instance at the device level (not just per-user), so that one VPN tunnel can secure network traffic across all users and profiles. This would: Greatly reduce resource waste. Simplify deployment and management for IT admins. Prevent the need for each user or profile to maintain its own VPN connection. Questions for the community and Google team: Is there any existing mechanism (documented or OEM-specific) that allows a VPN to operate at the device scope rather than user scope? Are there any roadmap plans to support device-level VPN in Android Enterprise? If not currently supported, could this be considered as a feature request for future Android versions? This would be particularly valuable for dedicated devices and shared device scenarios where multiple users must access corporate resources, but IT only wants to maintain one VPN tunnel. Looking forward to your insights and to hear whether others face the same challenge. Thank you.
Solved
Fxzxmicah
20 days ago Place General discussions
106Views
0likes
8Comments
Is there any way to disable Google Play Protect (GPP) from an EMM or to otherwise whitelist apps from scanning?
I am very concerned about the Enhanced GPP features coming soon that are currently being piloted in other regions. https://security.googleblog.com/2023/10/enhanced-google-play-protect-real-time.html This is not a welcome feature whatsoever for the fully managed space where we have business apps written internally that are being installed on business devices, owned by that business. In no way do we want Google sitting in between deciding whether a very legitimate app written internally for an organization should be installed on devices that are purchased and owned by the same organization on fully managed devices. I would like a way to disable GPP completely, or at a minimum whitelist applications from scanning as we don't want Google interfering in the business operations. GPP is a helpful consumer protection features but fully managed devices should have the ability to be opted in or out of the program. Otherwise GPP can incorrectly flag a mission critical app and disable or remove it from a device, thereby bringing down a line-of-business application and an end customers operations. While the intentions of GPP are good, by blocking business apps Google themselves is becoming the malicious actor that GPP is ironically trying. to prevent.
Solved
mattdermody
22 days ago Place General discussions
40KViews
15likes
58Comments
Organization reached its usage limits, your work profile can't be set up.
We have a fleet that is managed with Android Management API that we use for pre prod testing. We started getting `Organization reached its usage limits, your work profile can't be set up` error recently in this enterprise. It had about 800 device when i did the list devices call. I have now removed the older devices and the list device call now returns 84 devices, but I still see the above error when trying to enroll new device. Its been about 2 days since i deleted the devices. Also been about 2 days since i have filled up https://docs.google.com/forms/d/e/1FAIpQLSf4VCzblf27V6jx1_iFt7lD1WjyCDpSDzQcxunTbQdbkEGG4Q/viewform to increase the quota for registered devices. Is there any way to investigate this issue? Can I check the registered devices qouta anywhere in GCP console? Are there any other case where I can see this error? I am seeing this error for both work profile and fully managed device.
Solved
Prathik
22 days ago Place General discussions
77Views
0likes
5Comments
Need explaination of following feature implementation for AER -3.19. Application track management
I have implemented the following feature and I can set application track from my emm console but not understand what to show for validation or how it will further works after set app track info. Thanks in advance.
mhfaruk
23 days ago Place General discussions
41Views
0likes
1Comment
Google Keyboard configuration Intune
Hi, I would like to know how to configure the Google Keyboard using Microsoft Intune. Specifically, I need to set up the keyboard with dual language support (Italian and German) on my Android devices managed through Intune. Could anyone help me achieve this goal?
Marco19
2 months ago Place General discussions
110Views
0likes
2Comments
Intune - Android Enrollment Default Profile
Hi, We’ve noticed that our Android devices are no longer enrolling automatically, which is resulting in the default profile being applied from the auto-created policy in the Google Zero-Touch customer portal. I’ve reviewed the portal settings, and the correct profile is still assigned by default. This process previously worked as expected. Many thanks, Joe.
JoeTucker27
2 months ago Place General discussions
138Views
0likes
10Comments