Recent discussions
Android 15 - Cannot set default password app
We use Microsoft Intune to manage devices. For the devices which have upgraded to Android 15, the end users can no longer select Microsoft Authenticator as their default application for auto filling passwords. I cannot find any settings in Intune to allow it. All devices are fully managed corporate owned devices. The devices are all Google Pixel 8 or 8a devices. Is this a bug in 15 or am I missing something?[Community poll] What are your thoughts on…Android Enterprise training?
Hello everyone, I hope you are doing well. Last year we asked you here in the community about your interest in a possible security certification, we had a great response (and we will be providing an update on this soon). We wanted to expand this further to gauge your interest in providing Android Enterprise training modules. While some of you might be familiar with our Partner Academy resources, this would be specifically looking at training content tailored to your needs as a customer. It would be great to hear you thoughts. Please take a moment to answer the short poll below (or click here to view the form in separate tab). If you have any additional thoughts/details you'd like to share, please add a comment in this thread. Massive thank you for your time and we look forward to hearing what you think. Lizzie Loading…
Samsung Devices: Can't call from a personal app
Hi everyone we received some reports from our users in the last couple of month that suddently the phone app on COPE devices (Samsung A-series) starts to show "Can't call from a personal app" - Your organisation only allows you to make calls from work apps. Workaround: Reboot the device. For most of the reports this workaround has to take place once and the message is gone forever. A very small amount of devices starts to show this message again after a couple of weeks. Rebooting is resolving the issue again. Any idea of how to prevent this? Even emergency calls are not possible if this error is appearing! Does anyone else have seen this behavior? Raised a case with Samsung today. Thanks! Daniel
Install client certificate via Android Management API Policies - OncCertificateProvider
Hello community, I am trying to install a client certificate on fully managed Android devices. The devices have been enrolled via Android Management API. The docs show that there is a OncCertificateProvider policy, but it says it is "not generally available". What does that mean? Will it be available in the future? Where can I apply for using this policy? The specific thing I want to achieve is configuring Cisco AnyConnect/SecureClient with cert authentication. The managed config of the Cisco app allows me to set a "KeyChain Certificate Alias", but I first need to get the cert into the Android KeyChain somehow. I also tried to send the client cert via openNetworkConfiguration, but it does not appear in the key chain (in the settings app) of the device, although the policy is applied without any problems (as reported by Android Management API). I guess those certs here are only used for network config and not stored in the key chain for usage with e.g. VPN apps. Thanks.
WPCO Enrollment into Google Workspace using Zero Touch
Hi there! I am implementing Zero Touch enrollment for our newly purchased Android devices. It is working well and our testing devices end up in "Fully Managed" state after enrollment. I have been wondering if the enrollment could be adjusted so the device ends up in "Work profile on corporate-owned" (WPCO) state instead. I have done a little research and Android spec should allow a device to end up in WPCO state after it is enrolled via Zero Touch. Is this end result achievable with following combination? Device: Samsung with Android 14 Enrollment: Zero Touch during device setup EMM: Google Workspace Google Workspace AFAIK does not have any switch for this in UI. Could the management mode be configured during Zero Touch by using DPC extras set in Zero Touch portal? Developer oriented documentation suggests this is governed by EXTRA_PROVISIONING_MODE. I have tried following Custom Configurations in Google Zero Touch portal so far (all targeting com.google.android.apps.work.clouddpc) : { "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { "com.google.android.apps.work.clouddpc.EXTRA_FORCED_DOMAINS": "[\"mycompany.com\"]", "PROVISIONING_MODE": "MANAGED_PROFILE" } } and { "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { "com.google.android.apps.work.clouddpc.EXTRA_FORCED_DOMAINS": "[\"company.com\"]" }, "android.app.extra.PROVISIONING_MODE": "2" } and { "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver", "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "<SIG-CHECK>", "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup", "android.app.extra.PROVISIONING_ROLE_HOLDER_SIGNATURE_CHECKSUM": "<SIG-CHECK>", "android.app.extra.PROVISIONING_ROLE_HOLDER_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup", "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "<TOKEN>", "com.google.android.apps.work.clouddpc.EXTRA_FORCED_DOMAINS": "[\"company.com\"]", "PROVISIONING_MODE": "MANAGED_PROFILE" } } In all three case the devices goes trough Zero Touch enrollment. Device Policy is installed. User is required to log in with a Google Account with company.com account. The device ended up in "Fully Managed" state in all three cases...My application was rejected
Hello, good afternoon everyone. I'm writing to this forum to ask for help. A few weeks ago, I applied for the EMM and Enterprise Android Partner program. My application was rejected without any explanation in the emails. I'd like to know the requirements to join the program. We are a development company based in Guatemala and the United States (and soon in Mexico and Colombia), as we currently have a client requesting an MDM system for their Android device retail store. This is our first time applying to this program so we can offer our services to this client and any future clients who might be interested. If you could send me the program requirements so I can apply correctly, I would be very grateful. Have a good afternoon. Greetings from Guatemala.
zero-touch; Owner credentials lost
Hi, we have a few Zebra devices registered for zero-touch and plan to use zero-touch for all regular mobile devices. the registration and all existing accounts linked to it was created by team members that are unfortunately no longer with us. i do have access to one account with administrator permissions but the account with the "owner" permission was not handed over and credentials are basically lost. which steps are necessary to recover ownership?
Intermittent QR Code Provisioning Failures with Identical Source Code
I am experiencing inconsistent behavior with QR code provisioning for Android Enterprise and am seeking guidance from the community. The Issue: QR code provisioning works intermittently, but the failure pattern is inconsistent. A provisioning QR code generated from a specific APK build will work reliably. However, subsequent builds of the exact same source code from the same Android Studio project will sometimes fail. The device displays a generic "Contact your IT admin" error. What I've Verified: The APK is properly signed and the checksum in the QR code is correct. The server delivers the APK with the correct application/vnd.android.package-archive MIME type. The DeviceAdminReceiver is correctly declared in the manifest and the associated XML resource exists. The package name and component name in the QR code are 100% accurate. Comparing a "working" APK and a "failing" APK in APK Analyzer shows no differences in the core components (package name, receivers, resources). Question: Has anyone else encountered this? Are there known issues with Android's provisioning service being sensitive to certain aspects of the APK build output that are not related to the core functionality or signature? Any insight into how to achieve consistent, reproducible builds for provisioning would be greatly appreciated.
Custom DPC app being blocked by google play services
Hi We have a custom MDM app which was built to enroll android devices with Device Owner. We have a backend which serves the configuration requires to install/block apps and settings. We are not using Android official management APIs, A few days ago we received a google play protect update on some of our devices and now whenever we try to enroll the devices using QR code enrollment it gets blocked by google play protect. Please help us understand what is required to bypass this so that we can continue to use our custom MDM app. thanks!Help Needed: Re-registering MDM After Already Signed Up Error
Hello Android Enterprise Community, I’m trying to set up my MDM, but I keep encountering the following error: "Someone at testmdm.xyz has already signed up." I have previously attempted to remove the Android Enterprise enrollment from my domain, unlinked the MDM, and followed all standard steps. However, I am unable to re-register the MDM, and my attempts to enroll devices fail. I would greatly appreciate guidance on: How to fully clear any previous Android Enterprise enrollment associated with my domain Steps to re-register an MDM successfully Any best practices or troubleshooting tips to avoid this issue in the future Thank you in advance for your help. Any advice from experienced admins or Google support is highly welcome. jasonbayton Best regards, Khaled
