Enabled FRP and now I'm stuck
We're building an Emm solution so while testing I enabled FRP and thought of giving it a shot. So, after factory resetting all i can see is a google window asking me to verify with the account that was previously in the device. What I cannot understand is there was no account signed in except the one google created ( the managed account with the briefcase thingy ). I'd like to understand how can i recover it now? i do have some of the device details on enterprise.devices.get endpoint. Any help would be much appreciated! Rino.
Preferred Password / Passkey / Autofill Missing Policy
Since the installation of Android 15, I'm now unable to set a preferred Passkey / Password service on the phone, and it says its being blocked by an IT policy, contact an admin. Being the admin, and reviewing setting multiple times, there is no policy set that comes close to this. Is there a way to allow this to be used in an enterprise, or is there no fix and it's a hidden policy?
Google Messages App: SMS to shortcode not able to send
Our Provider (Vodafone Germany) is using a SMS shortcode number to be able to order an upgrade on dataplans by sms. Once the monthly contract plan (e.g. 1 GB) have been used users will receive a sms from 70997 to inform that you can answer the SMS with "1" or "2" to restore your data connectivity. We ran into the issue that the Google Messages app seems to have some sort of bug with sending SMS to this kind of shortcode number as it alway says "Not sent" in red error text. Provider tech support told me that the Google messages app is prefixing the number with "49" resulting in a wrong / unknown number (4970997). They cannot fix that from their side as the issue is within Google messages app and asked me to install a 3rd party messages app.... *ugly* Is this something I can request to investigate from here? I will also create a case with Samsung tech support as we are mainly using Samsung devices as our corp. device fleet. Thank you! Kind Regards DanielNeed Help with QR Enrollment for Multiple Devices in Educational Environment – Is External MDM Required?
Hi everyone, I'm managing a large number of Android tablets in an educational environment. I'm trying to enroll the devices using Android Enterprise with QR code enrollment, but I'm having trouble getting the QR method to appear. So far, only Zero-Touch shows as an option, but most of our devices were not purchased through Zero-Touch resellers, so we can't use that method. My main question is: Is it strictly necessary to use an external MDM (like Miradore, Intune, etc.) to generate the QR code, or is there a way to create and use it directly from the Google Admin console or natively through Android Enterprise? We want to deploy the tablets efficiently and avoid entering accounts manually. Ideally, each device would automatically enroll with our managed Google Play account by scanning a QR code after a factory reset. This is especially important in a school context, where we have many students and limited time for configuration. We are already registered in Google Workspace, and the tablets are in a dedicated organizational unit for students. The admin account is managed, and we are using the Android Enterprise platform linked to our domain. For reference, here are two YouTube videos showing the configuration steps I followed (which reflect our current setup): https://www.youtube.com/watch?v=jI-C_y1u8jE https://www.youtube.com/watch?v=h__pvfp559Q Any advice or clarification would be greatly appreciated. Especially if there’s a native way to enable QR enrollment without needing a full external MDM platform. Thanks in advance!
OEM Unlock toggle not available
Hi all, Recently joined the community, first time poster here. TL;DR at the bottom. Hopefully my question has a simple solution but I've looked everywhere (except here of course). I'll try to keep this as simple as possible. Everything is in UAT if that matters. The important bits: Pixel 8a Build BP1A.250505.005.B1 No SIM or eSIM Android Enterprise registered to my UAT Tenant I'm testing some scenarios for automating device compliance with Omnissa using Workspace ONE Intelligence. To test this successfully I'm going to need to flash back to an older Build and probably more than once for demo purposes. The OEM Unlock toggle is not available however, and I this is preventing me from doing my testing. I've read conflicting posts elsewhere regarding carrier unlock, SIM and/or eSIM etc. ADB is working fine but flashing older images is just not working. Any help from the community on how to get OEM unlock enabled would be greatly appreciated. TL;DR: Need to flash a pre 250505 build to my Pixel 8a. Can't toggle OEM unlock as it's greyed out.
Play Protect Blocking Custom DPC Apps — How to Get Approval or Alternatives?
Hi everyone, I'm a developer who helps enterprises build custom DPC (Device Policy Controller) Reference Documentation apps to manage Android devices based on their unique requirements. Recently, Play Protect has started blocking the installation of custom DPC apps, even when these apps are signed and used internally. The warning claims the app may pose a risk due to access to sensitive data - even though it's strictly for enterprise use. To make things more difficult: Google is no longer accepting registration of custom DPC apps with Android Enterprise, which limits official distribution and management options. Android Management APIs don’t support all use cases, and also have quote limit. I’ve applied twice to join the Android Enterprise portal to build a SaaS-based device management platform, but both requests were rejected without a clear reason. My questions for the community: Is there any official way to get a custom DPC app approved or whitelisted by Play Protect? Are there any alternative ways to manage Android devices at scale (outside of AMAPI or legacy EMM)? How can new developers or startups gain access to Android Enterprise features when onboarding is currently restricted? Any help, direction, or shared experience would be greatly appreciated. Thanks, Kulwinder
Issue with Copy/Paste Restriction in Intune MDM on Android Devices (Clipboard Editor Interaction)
Hi all, I’m currently experiencing an issue while setting up Intune MDM on Android devices related to restricting copy and paste to unmanaged apps. Specifically, the issue occurs when users copy text from the Teams app and try to paste within teams app. Here's what happens: After copying text, a message "Your organisation's data cannot be pasted here" immediately appears in the clipboard hud. The copied data seems blocked from being viewed, as the error message appears even before a paste attempt. Despite this, users can manually paste the copied content by long-pressing or selecting "Paste" from the text box. However, when trying to use the "paste from clipboard" feature, the warning message above is pasted instead of the copied content. We’ve set the Intune policy to allow copy/paste within managed apps, but the clipboard interaction seems to be problematic, especially with Gboard. It appears that Gboard, possibly due to Android 13 and 14’s Clipboard Editor, is treated as an unmanaged app, causing Intune’s data protection policies to block its access to the clipboard in a read-only state. Just to clarify: I want users to be able to copy and paste txt within managed apps only. So the allowed behavior of pasting with long press is fine, but I want to get rid of the block that we're getting. Here’s what we’ve tried: Added various exclusions to the Intune policy, including Gboard, Clipboard Editor, and other related apps (full list below), but the issue persists. Testing different configurations hasn’t led to a final solution, and there seems to be limited documentation specifically addressing this clipboard component in relation to Intune's data policies. We’ve escalated the issue internally but wanted to see if anyone in the community has encountered a similar problem or found a solution. Here’s the list of exclusions we’ve already added to the policy: Clipboard: com.android.clipboard SMS: com.google.android.apps.messaging SMS: com.android.mms SMS: com.samsung.android.messaging Native phone app: com.android.phone Google Play Store: com.android.vending Android system settings: com.android.providers.settings Android system settings: com.android.settings Google Maps: com.google.android.apps.maps Gboard: com.google.android.inputmethod.english Samsung: com.sec.android.inputmethod Gboard: com.google.android.inputmethod.latin Gboard: com.google.android.apps.inputmethod.hindi Gboard: com.google.android.inputmethod.pinyin Gboard: com.google.android.inputmethod.japanese Gboard: com.google.android.inputmethod.korean Gboard: com.google.android.apps.handwriting.ime Gboard: com.google.android.googlequicksearchbox Gboard: com.samsung.android.svoiceime Gboard: com.samsung.android.honeyboard Gboard: com.android.inputmethod.latin Teams app: com.microsoft.teams Any insights or suggestions would be greatly appreciated! This is my first time posting so apologies if this is the wrong space.
Google services
We have a cloud customer on SoTI mobicontrol who wants to block all outbound traffic in their firewall and only allow what is strictly required. I’ve provided the customer with the official system requirements for SOTI MobiControl and Android Enterprise. However, the customer is only familiar with managing Apple devices and is looking to open the absolute minimum necessary for Android Enterprise to function — particularly avoiding wildcard domains (*) where possible. Can anyone help clarify which Android Enterprise network requirements are actually essential, especially when it comes to Google services, and which ones we can safely leave out? No file sharings, and remote control will be allowed by the customer.
Device Attestation: Auto-Select Client Cert + User Login on Android
Hi everyone, I’m trying to use client certificate authentication (mTLS) with Chrome Custom Tabs on Android. We want to automatically select the client certificate without prompting the user, and also ask for their username and password as part of the login process. This way, we can combine both certificate-based authentication and user credentials for device attestation. On desktop Chrome, this can be done using a policy like AutoselectCertificateForUrls, but it seems this doesn’t work on Android. If this is a known limitation, is there a way to request this feature from the Android or Chrome team?
