Samsung Secure Folder and DUAL messenger features - not available in COPE

jarmo_akkanen
Level 2.0: Eclair

‎12-29-2023 01:19 AM

Dear community, hope everyone had lovely Christmas time!

I just wanted to raise one issue you also might been run into. It's about Samsung Secure Folder and Dual Messenger features on COPE enrolled devices. Unfortunately these features are not available in COPE enrolled Samsung devices.

We used to have all 10k fleet enrolled as BYOD and  Secure Folder/Dual Messenger features were/are available. Now only personal owned devices are enrolled as BYOD and corporate owned devices are enrolled as COPE method.

Unfortunately there is no setting available for us to make this work on the COPE enrolled devices on EMM side.

According to Samsung, they have not updated Secure Folder software in 5 years and and don't necessarily expect we will get any update.
The "error message" is very misleading: "Security policy prevents the installation of Secure Folder". Because there is no security policy setup in EMM (Microsoft Intune) for this feature. It's just pure Samsung thing.

As mentioned... Samsung Secure Folder solution does not work on COPE enrolled Samsung devices but nice surprise is that on ThinkPhone (Motorola) , Secure Folder works even on COPE. This also implies that Samsung really could make it work if they wanted to put in the development effort, as it is not totally restricted by the Android Enterprise architecture of COPE since the ThinkPhone is able to do it. But so far Samsung does not seem to still support this app much.

More on this topic from here:
https://communities.vmware.com/t5/Workspace-ONE-Discussions/Android-Samsung-Impossible-to-enable-Dua...


-jarmo

4 REPLIES 4

Moombas
Level 4.0: Ice Cream Sandwich

‎01-02-2024 02:43 AM

Hi Jarmo,

did you try to provide the Samsung secure folder app (https://play.google.com/store/apps/details?id=com.samsung.knox.securefolder&hl=de&gl=US) via EMM to the COPE device?

0 Kudos

jarmo_akkanen
Level 2.0: Eclair
In response to Moombas

‎01-04-2024 01:18 AM

Hi Moombas,
Good point, we have not tried to provide secure folder as a work app because this app is only used for personal purposes. Employees want to store their private photos, files, banking apps etc... in secure folder.
Anyway, thanks for the hint. We will test option to provide secure folder as work app.
-jarmo

0 Kudos

Moombas
Level 4.0: Ice Cream Sandwich

‎01-04-2024 01:42 AM - edited ‎01-04-2024 01:42 AM

Ah, and then it somehow doesn't make sense. I mean my thinking in that case was wrong (thought you want it to be used for work purpose).

But if you enroll the COPE device, how do you do it? QR or maybe Zero-Touch?

Do you have keep system apps enabled set to true in the DPC's? If not this may help as otherwise several apps gets uninstalled/deactivated during enrollment.

 

0 Kudos

jasonbayton
Level 4.0: Ice Cream Sandwich

‎01-04-2024 06:49 AM

Given the Samsung error, it's reasonable to assume it's a Samsung-imposed limitation. Have you looked through KSP for anything related to this? Perhaps they've locked it behind a premium API?

0 Kudos