Device Owner Enrollment Error: “Organization Has Reached Its Usage Limits” Even With Zero Devices
Hi everyone, I’m trying to enroll a fully managed Android device using the Android Management API. I generate an enrollment token, create the QR code, factory reset the device, and start the QR-based provisioning process. Everything works until the Android Device Policy step, where I get the following error: “Since your organization has reached its usage limits, this device can’t be set up.” I am unable to get past this point. Here is what I have already checked: Listing devices through the API returns an empty list. There are no enrolled devices at all. Billing is active on the cloud project and the Android Management API is enabled. Enterprise creation works, policies return correctly, and I can generate enrollment tokens without any issues. The device is correctly factory reset and the QR scan is working as expected. I tested with both a Workspace-based enterprise and a Gmail-based enterprise. The same limit error appears on both, even though both enterprises have zero devices. I moved the cloud project under my organization in Google Cloud to avoid any project-level quota problems. Based on everything I have checked, it appears that the enterprise (or account) has been automatically restricted to a device quota of zero, and the restriction has not lifted even after several days. I would like to understand the following: Is this quota lock normal for new enterprises, and how long does it usually take to lift? Is this quota tied to AMAPI commercial approval? Is it expected that zero devices can be enrolled before approval? Is there any way to request a quota review so that at least one test device can be enrolled? I am building a commercial EMM solution and simply need to test device-owner provisioning on a physical device, but I am currently blocked by this limit. Any guidance from the community or anyone who has dealt with the same situation would be greatly appreciated. Thank you.
Device screen sensitivity
Hello AE community, Our users encounter screen sensitivity issue while using a screen proctection on their devices, Device impacted is Samsung A9+, There is a setting to enhance screen sensitivity but it is not manageable thought Ivanti NMDM, or Knox Service Plugin. We also use Bluebird devices, for this manufacturer, sensitity setting is manageable using their OEM Config app. Is there another method to manage this setting ? Should i make a FER (Feature Enhancement Request) to Samsung directly ? Regards Batlac
Fido2 key and their issues using them on Android
First, do Android support using Fido2 keys on Android? Yes, it does support both using bluetooth, NFC and USB authentication. For reference: https://developers.google.com/identity/fido/android/native-apps But does it mean that it is straight forward to use it in a enterprise environment without hiccups? No, the support lacks many features that both Windows and iOS has supported for long time. If I buy a modern Fido2 with OTP support, will it work straight out of the box for using the USB? No, you need to disable the OTP support first. Here is how you can do that from yubikey manager, this works for Yubikey. Other vendors might have something similar. But for Fido2 keys without OTP support, it should work out of the box for USB-C, like Google titan. Why this happens, dont know. Can we use NFC for Entra ID authentication like we can on Windows and iOS? No. Android does not currently support CTAP2 for NFC, only for USB-C input. CTAP1 (FIDO U2F) supports certificate based authentication, but CTAP supports user verification with PIN and biometrics. Entra ID requires UV (user verification) before accepting login. As far as I know, there is also support for bluetooth. But I dont have any fido2 keys that support bluetooth yet. So why does this matter? With Android you can have shared devices with secure login for multiple users with a single log in for all supported apps, auto log off and many other possibilities. https://learn.microsoft.com/en-us/entra/identity-platform/msal-shared-devices Other sources/discussions: https://www.reddit.com/r/yubikey/comments/1oncuh2/whats_the_point_of_nfc_on_android/ https://www.reddit.com/r/yubikey/comments/13tlzoc/fido2_inconsistent_across_windowsandroid/ https://fidoalliance.org/specifications/
Android Exchange Sync Problems: Contacts and Calendar Not Updating
Hello, I manage a fleet of more than 1,000 Samsung Android devices using Omnissa Workspace One (AirWatch), devices are enrolled in COPE. We use Gmail, Google Calendar, and the native Samsung Contacts app in the work profile, all synchronized through an Exchange ActiveSync connector. Since Wednesday, November 26th, we have been experiencing synchronization issues: - Contacts and calendar events saved on Exchange disappear after some time. - The Calendar app eventually shows an “Unauthorized Action” error and refuses to open. - Gmail continues to sync emails normally. The issue occurs randomly (sometimes after one hour, sometimes longer). Clearing Gmail’s app data and signing in again temporarily resolves the problem, but the issue always comes back. We've tryied uninstalling and reinstalling the app through our MDM but we can only do it user by user and we're not sure about it fixing the issue. We have no means to "rollback" Gmail's version to an older one through our MDM, i've tryied uninstalling recent updates on one of my test phones, it's seems stable for the moment. We noticed that Gmail received an update recently, and a couple of other fleet managers have reported the same problem since that update on Play store's comments. Have you identified any bug or recent change in Gmail that could affect Exchange/ActiveSync synchronization? Thank you in advance for your assistance.
Intermittent QR Code Provisioning Failures with Identical Source Code
I am experiencing inconsistent behavior with QR code provisioning for Android Enterprise and am seeking guidance from the community. The Issue: QR code provisioning works intermittently, but the failure pattern is inconsistent. A provisioning QR code generated from a specific APK build will work reliably. However, subsequent builds of the exact same source code from the same Android Studio project will sometimes fail. The device displays a generic "Contact your IT admin" error. What I've Verified: The APK is properly signed and the checksum in the QR code is correct. The server delivers the APK with the correct application/vnd.android.package-archive MIME type. The DeviceAdminReceiver is correctly declared in the manifest and the associated XML resource exists. The package name and component name in the QR code are 100% accurate. Comparing a "working" APK and a "failing" APK in APK Analyzer shows no differences in the core components (package name, receivers, resources). Question: Has anyone else encountered this? Are there known issues with Android's provisioning service being sensitive to certain aspects of the APK build output that are not related to the core functionality or signature? Any insight into how to achieve consistent, reproducible builds for provisioning would be greatly appreciated.
GSF ID not generated after device enrollment on Android 15
Hi everyone, We’re facing an issue with devices running Android 15 — after successfully enrolling them in our Android Enterprise setup (Device Owner / Fully Managed mode), the Google Services Framework (GSF) ID is not being generated. This issue did not occur on Android 13 or 14; the GSF ID was available immediately after enrollment. However, on Android 15, the GSF ID remains empty even after waiting and rebooting. We’ve already tried: Factory reset and re-enrollment Checking Google Play Services version Ensuring the device is connected to the internet Waiting for Play Store sync Despite that, the GSF ID is still missing. Could anyone confirm if there’s a known change in Android 15 related to GSF ID generation, or if additional permissions/configuration are required for enterprise-enrolled devices to obtain it? Any guidance or workaround would be greatly appreciated.
Question to Enterprise Factory Reset Protection
Hello, we have a question to EFRP: If you specify a google account which can unlock FRP on this device in the future, does this google account have any other special permissions on that device or is it just like any other google account if logged in? Our Security Office wants to know that to be sure there is no other security concerns with configuring central EFRP accounts. If you have any technical references or KB articles to this topic, it would be highly appreciated. :) Thank you in advance
Control Wi-Fi Calling settings
Hi there, hope you're well. Just wondering is it possible to control the Wi-Fi Calling settings within Android via MDM? The closest thing I've seen is to use Knox Asset Intelligence to check Wi-Fi Calling setting status on Samsung devices: https://docs.samsungknox.com/admin/knox-asset-intelligence/dashboard/network-insights/wifi-calling-setting-status/ Thank you for your help & input in advance!
Is there an alternative way to perform the same function as UpdateApplication on Android 15?
Hi everyone, We are currently managing Samsung enterprise devices via Knox Manage under Android Enterprise DA mode (Device Admin) . Our in-house application previously used the UpdateApplication API to update itself silently without user interaction. This worked well under Android 14. However, after updating to Android 15, this API no longer functions. Based on the Samsung Knox SDK documentation, it appears that UpdateApplication is now restricted to Device Owner (DO) and Profile Owner (PO) apps. We have tried to assign all delegated scopes to our app via Knox Manage policy settings (Android Enterprise → App Restrictions → Delegated Scopes for Apps). Unfortunately, the API call still fails. ✅ What we’re looking for: - Is there any alternative methods that allows silent or managed updates of enterprise apps on Android 15, without being a DO/PO app? - Or is DO/PO elevation now the only viable path? - If so, is there an official onboarding flow or protocol to request DO/PO designation for an app via Knox Manage? Any guidance, references, or examples would be greatly appreciated. Thank you! — Environment: - Android 15 - Knox Manage (latest) - Samsung A9+ tablets - Device Admin mode
