Copy-paste issue (COPE)

Simon
Level 2.0: Eclair

‎07-05-2024 03:04 PM

Hello Everyone,

I have a slight issue with copy-paste on Corporate owned, personal enabled devices (COPE) managed via Intune. To put it simple - people can copy text from work profile to personal. Happy to be pointed to the basics if I missed something obvious, but I feel stuck.

Intune configuration for COPE devices has 2 values: "allow" or "not configured" (not helpful). I had support cases open with Microsoft and Samsung, but former blames OS defaults, while latter blames Intune (not helpful).

I couldn't identify the setting in OEMConfig (Knox Service Plugin), so got Google Enterprise account, configured it for Zero Touch enrolment using Intune token and realised that I was looking into "crossProfileCopyPaste" control and don't have a clue how to use it in DPC extras and if that's even possible.

Is it possible to use AMAPI with Intune management? If yes, does anyone have any examples? What are other ways to restrict copy-paste from work profile to personal? I find it difficult to believe I'm the only one having the issue.

Thank you in advance

29 REPLIES 29

Moombas
Level 4.1: Jelly Bean
In response to Simon

‎07-14-2024 10:52 PM

Maybe now it makes sense to open a support case @Samsung but one thing you could check before (and maybe grab for such a case) is enabling the debug mode and check what it tells you. Maybe for some reason the clipboard poilcy fails to apply. But if not, there is maybe an issue in the firmware or so.

0 Kudos

Moombas
Level 4.1: Jelly Bean
In response to Michel

‎07-08-2024 12:54 AM

Just to add here, i see more options available in KSP as well:

Moombas_0-1720425209028.png

 

Simon
Level 2.0: Eclair
In response to Moombas

‎07-08-2024 01:16 AM

Settings related to files is what Samsung guys initially suggested, but it has no effect on copy-paste of text according to my testing.

Re your earlier comment, Intune is not perfect, but I find working with Intune protected apps (Intune App SDK) refreshing.

Moombas
Level 4.1: Jelly Bean
In response to Simon

‎07-08-2024 01:25 AM

In my opinion the lowest option ("Enable sharing of Clipboard Data to Owner") should be the one to look into.

Everyone is fine to choose his/her prefered MDM 😉 And to be honest, i don'T have experience with Intune protected apps as it looks like something i don't use but as long as i can use managed app config and also Microsoft 365 integration in our MDM i stay with that 😛

Moombas
Level 4.1: Jelly Bean

‎07-07-2024 11:13 PM - edited ‎07-07-2024 11:17 PM

In our MDM is an option to turn off the possibility to copy/paste from work profile to the user profile.

Same for sharing from work profile to personal profile.
But i never tested that but pretty sure someone would have raised an issue about that in the community of our MDM already if that would have been the case but haven't seen something like this the last years.

Moombas_0-1720419330065.png

So, i think it's not an Android issue but more likely again an Intune issue (I'm so happy we didn't swithc to it in the past when i read all the issue here about it + our testing exerience).

But it would be good if someone with experience with using this functionality could shortly verify here that it's working on their end (from any MDM).