Impact of Intune's NFC restriction setting on IC card reading and Nearby Share
Hello, I'm managing Android Enterprise devices via Intune and would like to confirm the behavior of a specific device restriction setting related to NFC. ■ Device: AQUOS wish4 (Android), enrolled as a fully managed device ■ Policy applied: Device configuration profile with "Beam data using NFC (work-profile level)" set to Block ■ Policy configuration path in Intune Admin Center: Microsoft Intune Admin Center > Devices > Manage devices > Configuration Platform: Android Enterprise Profile type: Template > Device restrictions Configuration settings > General - Beam data using NFC (work-profile level): Block ○ Background and expectation: My understanding is that this setting is intended to block NFC-based data transfer (i.e., Android Beam) within the work profile. However, I initially assumed it might also block general NFC usage, such as reading contactless transit cards or using mobile wallet services. ○ Test scenario and results: After applying the policy to a fully managed AQUOS wish4 device, I observed the following: The NFC toggle remains available and functional under: Settings > Connection settings > More connection settings > NFC I installed an app that reads contactless transit cards used for public transportation (e.g., Suica or PASMO in Japan) and confirmed that it successfully retrieved the card balance via NFC ○ Interpretation: Based on this behavior, I suspect that the policy only affects the deprecated Android Beam feature, which used NFC for peer-to-peer file sharing. It does not block general NFC functionality such as card reading or mobile payments, nor does it impact newer sharing technologies like Nearby Share or Quick Share, which rely on Bluetooth and Wi-Fi Direct. ■ Questions: Is my understanding correct that "Beam data using NFC (work-profile level)" only restricts Android Beam functionality and does not affect general NFC usage? Is there a way to restrict Nearby Share / Quick Share on fully managed Android devices via Intune, or would that require a different configuration or approach? Any insights, documentation references, or shared experiences would be greatly appreciated. Thank you!
Barcode setup without ENROLLMENT_TOKEN
Hi We are preparing to enroll over 600 Zebra and Honeywell barcode scanners into Microsoft Intune. These devices are distributed across more than 250 locations and span over 35 distinct configuration profiles. To ensure a smooth rollout, especially for our non-technical users, we aim to automate the enrollment process as much as possible—minimizing manual input and reducing the risk of user errors, including Wi-Fi setup. Our intended workflow is for users to simply scan a QR code at the initial "Hi there" screen. This QR code should contain the necessary Wi-Fi configuration and trigger device provisioning via the Google Zero-Touch portal, bypassing the setup wizard entirely. However, when we generate a QR code using the following JSON configuration, the Wi-Fi settings are not being applied as expected. After the QR code is scanned, the device proceeds to the Wi-Fi setup screen, where users are required to manually enter the network configuration. According to Google’s documentation, the EXTRA_ENROLLMENT_TOKEN is optional. Is it possible to fully automate this step without including the token, or is it required in practice for the Wi-Fi configuration to be applied correctly? Any help would be much appreciated—thank you! { "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver", "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg", "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup", "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { "android.app.extra.EXTRA_PROVISIONING_WIFI_SSID": "**SSID**", "android.app.extra.EXTRA_PROVISIONING_WIFI_PASSWORD": "**PASSWORD**", "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA", "com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_USER_CONSENT": true, "com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_USER_SETUP": true, "com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_ACCOUNT_SETUP": true, "com.google.android.apps.work.clouddpc.extra.PROVISIONING_SKIP_EDUCATION_SCREENS": true } }
Android Enterprise BYOD not honoring auto-connect setting for WiFi
Hi, We have an issue in our tenant with BYOD device enrollment (Personally owned with Work Profile). We use Intune as EMM. We want to push a WiFi policy to our devices but we do not want to preconfigure auto-connection for our users. Our users must manually connect to the network. The problem is that this setting is not supported for BYOD in Intune, so we have no control over it. In addition, the default behaviour of the devices (tested in Realme, Xiaomi, Nokia, Google, Samsung phones) is that autoconnect is enabled by default. Even if the user disables it, next Intune sync enables it back. Finally, I checked the policy via graph API and I see that: "connectAutomatically": false, "connectWhenNetworkNameIsHidden": false, "wiFiSecurityType": "wpaEnterprise", Is this setting not honored by the OS? Is there anything we can do about it?Intune now showing tenant name on lockscreen
Hi everyone, As of some weeks, Intune started showing the tenant name on the lockscreen. Where it used to say "this device belongs to your organisation" it now says: " This device belongs to company name" . Since this is a big no for most of our customers, I was wondering if other people noticed this as well and maybe even found a solution for it. Microsoft support admitted that they changed this, but they will now help us getting it fixed or even giving us the option to enable or disable this. Showing the company name on a device can make a device more interesting to people who might find a lost or stolen device. Therefore, we never show company names or logo's on the lock screen. And most customers we work with expect that kind of behaviour. We currently have to project on hold because if this detail. (And its costing us extra business because they are not buying the hardware that comes with it 😅) I hope someone else is having more luck! In the meantime I'm escalating this via other companies in our group with better MS connections but those take some time. And if you haven't noticed this issue, please be aware of it. As far as we know, only Intune has done this. Knox, Workspace one and Mobile Iron are not showing this message. Samsung has replied that this is absolutly not right in their opinion. Its a big risk for companies.
In-house app is not being distributed to a specific device
Hello, I am facing an error for a several months in the MC33ax from Zebra. I have an in-house app that was uploaded to Play Console, to be further linked to Microsoft Intune. The MDM is managing corporate devices by providing the app to many ones, as MC94, MC93 and MC33ax. However, everything works fine for 93 and 94, I can see the app in the Play Store, which is not happening to 33ax. In the Google Play Console, it seems that MC33ax is not part of the device catalog. Zebra support said something about reaching out GooglePlay Developer support to add the part number, and they said I should contact Android Enterprise. Is there someone able to provide assistance? Thank you in advance, Regards,
Zero Touch MDM Phones Randomly Factory Resetting
Hello We have been having an issue over the past few weeks/months where Android devices are randomly resetting. The phones are zero touch enrolled and managed by Intune via COPE, we apply configuration and compliance policies to these devices. One of these configurations enforces a device wipe after so many failed pin code failures. This is the only known wipe configuration set on the devices. We have exhausted the configuration side and do not see a root cause other than user error, however this is not really likely given it takes some effort to actually do this. From googling online, we can see that this may be an issue relating to the play version not updating correctly, is this still an issue? Random factory resets after devices complete GZT configuration. | Android Enterprise Customer Community - 2236 These devices are a mix of newly enrolled and also old enrolled devices. They have also been setup with Wi-Fi. Thanks
Widgets on COPE - MS Intune
Hey, Unfortunately there are no settings and/or no chance configure Widgets on COPE in MS Intune. There is specific setting in Intune restrictions config profile to allow/disallow Widgets for BYOD method. Is this problem tied only MS Intune or is this something for Google? Majority of our 10k fleet enrolled as COPE and it's a big gap not having widgets available for Work Apps. Thanks JarmoDo you wish Microsoft would implement Android user profiles in Intune?
If so, then upvote my feedback here: Implement persistent multi user feature on Android | Microsoft Feedback. No, this is not the same as Microsoft Entra Shared Mode. It uses Android's built-in user profile feature and is documented by Google here: Manage multiple users | Android Enterprise | Android Developers. Microsoft disables this feature on all enrollment profiles with no way to enable it.
