Issue with Copy/Paste Restriction in Intune MDM on Android Devices (Clipboard Editor Interaction)
Hi all, I’m currently experiencing an issue while setting up Intune MDM on Android devices related to restricting copy and paste to unmanaged apps. Specifically, the issue occurs when users copy text from the Teams app and try to paste within teams app. Here's what happens: After copying text, a message "Your organisation's data cannot be pasted here" immediately appears in the clipboard hud. The copied data seems blocked from being viewed, as the error message appears even before a paste attempt. Despite this, users can manually paste the copied content by long-pressing or selecting "Paste" from the text box. However, when trying to use the "paste from clipboard" feature, the warning message above is pasted instead of the copied content. We’ve set the Intune policy to allow copy/paste within managed apps, but the clipboard interaction seems to be problematic, especially with Gboard. It appears that Gboard, possibly due to Android 13 and 14’s Clipboard Editor, is treated as an unmanaged app, causing Intune’s data protection policies to block its access to the clipboard in a read-only state. Just to clarify: I want users to be able to copy and paste txt within managed apps only. So the allowed behavior of pasting with long press is fine, but I want to get rid of the block that we're getting. Here’s what we’ve tried: Added various exclusions to the Intune policy, including Gboard, Clipboard Editor, and other related apps (full list below), but the issue persists. Testing different configurations hasn’t led to a final solution, and there seems to be limited documentation specifically addressing this clipboard component in relation to Intune's data policies. We’ve escalated the issue internally but wanted to see if anyone in the community has encountered a similar problem or found a solution. Here’s the list of exclusions we’ve already added to the policy: Clipboard: com.android.clipboard SMS: com.google.android.apps.messaging SMS: com.android.mms SMS: com.samsung.android.messaging Native phone app: com.android.phone Google Play Store: com.android.vending Android system settings: com.android.providers.settings Android system settings: com.android.settings Google Maps: com.google.android.apps.maps Gboard: com.google.android.inputmethod.english Samsung: com.sec.android.inputmethod Gboard: com.google.android.inputmethod.latin Gboard: com.google.android.apps.inputmethod.hindi Gboard: com.google.android.inputmethod.pinyin Gboard: com.google.android.inputmethod.japanese Gboard: com.google.android.inputmethod.korean Gboard: com.google.android.apps.handwriting.ime Gboard: com.google.android.googlequicksearchbox Gboard: com.samsung.android.svoiceime Gboard: com.samsung.android.honeyboard Gboard: com.android.inputmethod.latin Teams app: com.microsoft.teams Any insights or suggestions would be greatly appreciated! This is my first time posting so apologies if this is the wrong space.Force settings on Dedicated devices during enrollment
Hello all, I'm trying to deploy a Dedicated device profile in Microsoft Intune, I created the configuration profiles and the compliance policy with some settings, in specific about PIN creation and complexity, but during the setup users are not asked to enter any PIN, and at the end the device result non-compliant until the PIN is set and is fulfilling the rules I set. Is there by any chance a way to force the PIN creation request during the enrollment phase as happens for user-associated devices? Thanks in advance /Lucius
Work profile on S25 Ultra
Just bought a Galaxy S25 Ultra a few weeks ago and unfortunately I'm not able to create a work profile with MS Intune. I've tried all workarounds that I found on Reddit and Samsung community (https://us.community.samsung.com/t5/Galaxy-S25/New-S25-Ultra-Unable-to-setup-work-profile-using-company-portal/td-p/3126410/page/29). I think that this can be related to some Android Enterprise support because I could not find any reference of the models when searching for it. Does anyone else are having issues when trying to create a work profile on S25 series?
[Community survey] Feedback on Android Enterprise Secure logs
Hello everyone, I'm a big fan of surveys and we haven't had one for a little while - so here we are! We'd love to hear your feedback on a potential improvement to the Android Enterprise logs. Android Enterprise logs provide critical insights into device activity and security, empowering organizations to manage and secure their mobile ecosystems effectively. These logs are divided into: Security logs, which capture key events like app installations, failed authentications, and policy changes, and Network event logs, which track network activities such as app connections and destinations. Logs are currently stored in the normal world (REE - Rich Execution Environment). We are exploring a feature enhancement to enable this storage in a secure environment (Virtual Machine) so that they are better protected. This feature enhancement has a few options / levels and we want to understand their importance to you: Logs stored in secure environment: If the OS is compromised, the logs are much harder to access and tamper Tamper evident logs: This would allow the OS to indicate if the logs were tampered with Tamper proof logs: This makes it not possible for logs to be tampered with. Logs would only be available in small quantities (4mb on average, depending on chipset capability) If you have a spare moment, please take the short survey below. If you have any additional questions, please to reply to this topic below (by clicking 'Reply'). Thank you for your time and feedback. Lizzie (and the Customer Community team)
Silent installation of applications on TELPO devices using Android Enterprise
I have an Android application that I want to use on TELPO devices, but in a way that updates are downloaded silently on the device, meaning the user does not have to intervene to update or install an application. I understand that with the configurations offered by Android Enterprise, it is possible to set up a device to allow the actions I require.
Please help - new company, email & phone yet already enrolled??
I'm hoping someone can help, as I'm at a complete loss. I am the sole owner and operator for my newly formed design company, bought a new Moto G Play and created a new email for it. After some fiddling, though, I saw that it had Moto Device Management installed already, but asks for a code from my administrator... Again, it's only me and everything is brand new, but even Google won't let me sign up for an enterprise account, saying to talk to my admin. I've factory reset, yet the problem persists and strange apps/functions are happening with the phone, as if someone else is "managing" my company device already. I've scoured forums, FAQs and articles to no avail; in fact, learning of the capabilities, I'm quite worried. Luckily, I noticed it before putting anything besides that new email on it, but it's obviously compromised by someone else - there are many, many system apps now on it that aren't from the play store, nor came with the phone initially. What can I do? Any help is appreciated.
