Default browser app not resettable
Hey! We are currently testing a few apps in Work Profile, for which we need 2FA. The second factor is a FIDO2 token that can be used via NFC or USB. If you have a FIDO2 token with USB-C, everything is fine. But we also have some with USB-A. If you don't have an adapter, you're more likely to resort to NFC. Chrome supports FIDO2/NFC directly, which makes logging in quite easy. However, most web views cannot do this, and a passcode must be entered manually. The pure FIDO2 NFC tag basically contains a URL with the passcode. You open the webpage via NFC, copy the passcode, and enter it when logging in. So far, so good. However, we encountered a problem that prevents us from using the FIDO2 token via NFC in the Work Profile properly. There are default apps for different categories such as browser, wallet, caller ID, etc. If you need to launch one of the app categories and there are several apps available, you will be asked which app you want to use and just for once or always. The app preferences can be reset via the settings so that the query will reappear the next time. This works without any problems with “Home app,” for example. But the Default Browser? No. The Browser app default remains after the reset. Even if a browser was set as the default and was deleted, it will just switch to another app and won't ask. The problem with a permanently set default browser is that links from NFC tags are immediately opened in the personal space. If there is a copy & paste lock on the work profile, you cannot use the code. (Unless you type >40 characters) If you are asked for an app to open the URL, you can also select the browser in Work Profile. Can anyone reproduce this behavior? Or does anyone know if something has changed for the Browser-Default in Android 15/16? On a device running Android 13, resetting the app defaults works reliably. It doesn't seem right that the browser default cannot be reset properly with Android 15/16.
Factory reset protection (FRP) or enterprise factory reset protection (EFRP).
Hello, since Android 15 we have encountered a huge problem with Corporate phones (enrolled in BYOD) for which users leave the company without deleting their account. We therefore found ourselves with locked phones that we cannot return to our reseller (who asks us for a large sum to unlock them) so I come to you to find a solution or a tool available to the technical teams to clean up. We are open to any advice or help
Issue with Default Configuration Profile in Android Zero-Touch Portal
Hi Team, We are facing an issue with the default configuration profile in the Android Zero-Touch (AZT) portal. We have set up a custom configuration profile as the default, but whenever our reseller adds a device in the AZT portal, the devices are getting assigned to the Enterprise Default Configuration Profile instead of our configured default profile. At the moment, we are manually assigning the correct profiles in AZT, but this is creating additional effort and delays for our IT team and end users. We are unsure where this enterprise default profile is coming from and why it is overriding our custom default profile. Could you please help us resolve this issue or provide guidance on why the enterprise default profile is taking precedence? Also, do you have any recommendations other than unlinking the AZT portal from the Workspace ONE portal? Thanks in advance for your support.
problematic re-enrollment following smartphone reset under Android 15
Hey Everyone, Since a couple of weeks, we are encountering a problem with the re-enrollment of devices that have moved to Android 15. our employees arrive on the next screen : I reproduced the incident under the following conditions : Step 1 , the device is enrolled on Omnissa WSP1 in COBO with personnal Google Account Step 2 , for some reasons, the device is erased (example : 10 errors code) Step 3 , the profil in KME or Zero Touch is Microsoft Intune & no more Omnissa Step 4 , It seems that the KME or ZERO Touch verification did not happen at the right time. Step 5 , our employees have to proove the use of the device like a personal device ! We didn't encounter this problem for devices in Android 13 or 14. The devices i used : Motorola g54 5G Android 15 V1TDS35H.83-20-5-5 security patch : 1 july 2025 Samsung A35 - SM-A356B Android 15 AP3A.240905.015.A2.A356BXXS5BYF3 security patch : 1 july 2025 We have several thousand devices left to migrate to Microsoft Intune, this new enrollment behavior is unacceptable for 100% company devices. Our fleet is fully managed in KME or Zero Touch. Can you investigate this incident? Chris
Managed configuration to Gboard has disappeared from MDM
The ability to apply a managed configuration to Gbaord has disappeared. We think this is due to a recent change to the Gboard app where Google has removed this ability. Environment: MDM = Omnissa Workspace One UEM (we are also hearing reports of this impacting SOTI customers as well) Rugged Zebra Mobile devices, majority running either A11 or A13 Leads: Managed App configs are still present on Chrome & ServiceNow Now Agent, hence why we believe this is not an MDM Console issue. We have escalated to Omnissa support anyway, who have in turn escalated to Google. Is anyone else seeing this issue?OEM Unlock toggle not available
Hi all, Recently joined the community, first time poster here. TL;DR at the bottom. Hopefully my question has a simple solution but I've looked everywhere (except here of course). I'll try to keep this as simple as possible. Everything is in UAT if that matters. The important bits: Pixel 8a Build BP1A.250505.005.B1 No SIM or eSIM Android Enterprise registered to my UAT Tenant I'm testing some scenarios for automating device compliance with Omnissa using Workspace ONE Intelligence. To test this successfully I'm going to need to flash back to an older Build and probably more than once for demo purposes. The OEM Unlock toggle is not available however, and I this is preventing me from doing my testing. I've read conflicting posts elsewhere regarding carrier unlock, SIM and/or eSIM etc. ADB is working fine but flashing older images is just not working. Any help from the community on how to get OEM unlock enabled would be greatly appreciated. TL;DR: Need to flash a pre 250505 build to my Pixel 8a. Can't toggle OEM unlock as it's greyed out.
High Priority mode takes 10 hours to update apps on devices
Hi everyone, In our MDM Workspace ONE UEM, we are conducting tests to update Google Play applications on corporate devices under the following scenario: New version of a managed app published in the Production track, deployed in High Priority mode to 100% of devices (no staged rollout). The Android devices have a profile installed with the "Auto update" payload configured to "Always auto update", with an all-day window so the update can occur at any time, ignoring the documented restrictions (https://support.google.com/work/android/answer/9350374?hl=en#zippy=). According to our tests, the device updates itself (without manual intervention) in around 10 hours on average. We expected the update to occur more quickly in this scenario, and we require greater agility for Production deployments. Is it normal to wait around 10 hours for an update in this scenario? Is there anything else we can configure to reduce the waiting time? Thank you very much, VicenteGoogle Managed Play - Revoke app approval when app requests new permissions.
have a question regarding controlling the managed App version upgrade on device and restricting this via Google managed play https://play.google.com/work. Using managed google play app if I use “Revoke app..” option ( Refer screenshot), App will be unapproved from managed play store and removed from device Managed Private playstore followed by uninstallation from the device whenever there is new permission requested or new release has been pushed by app developer? OR App will be just unapproved from managed play store and will not impact any device already installed the app? 2. App getting Unapproved on managed playstore will see any impact on devices if the app was earlier pushed on Devices as the available app via EMM sol. like Intune. AirWatch ( not required / non-mandatory app) and device have not installed this app and now trying to install the app after this change on Google managed play https://play.google.com/work as unapproved? 3. After approving the app, will new update will be pushed to the device automatically if the app is already installed with old version or device has to reinstall this app with new version?
