we have an app that requires to set 'Allow all the time' for location permission. We are using Intune MDM and the android 13 enrolled device are using the enrolment of android enterprise corporate-owned fully managed and corporate-owned with work profile.
In Intune, there is app config and I set both location auto grant and deploy to the devices.
After the app config is deployed successfully to the device, I checked the location permission for the app is still 'don't allow'
Then I launch the app to accept the location permission prompt to select 'allow only while using the app'. However, the user is still able to change location permission for the app.
Question is this by design that user is able to change the location permission of an app even it is set as auto grant in MDM? Is there a way or is it by design that google does not allow MDM to set 'allow all the time' for an app location permission and it needs to be set by user manually? Could not find any official answer from google or microsoft on this location privacy thing if it is by design.
Did you already set the default permission policy to auto-grant (https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-android-for-work)?
(I don't use Intune but that was what i found)
Hmm, then it somehow sounds very like an issue at Intune as i haven't found anything else about this.
I would expect it just be granted to the app by the MDM as well but we don't have COPE in place yet but (funny thing) just starting investigating.
So, maybe I can see then if this is happening in our MDM as well or not but i think it could make sense to ask MS about it if no one other here raises the hand and can tell you maybe why it's like that.
