Samsung Secure Folder and DUAL messenger features - not available in COPE

Question

Dear community, hope everyone had lovely Christmas time!

I just wanted to raise one issue you also might been run into. It's about Samsung Secure Folder and Dual Messenger features on COPE enrolled devices. Unfortunately these features are not available in COPE enrolled Samsung devices.

We used to have all 10k fleet enrolled as BYOD and Secure Folder/Dual Messenger features were/are available. Now only personal owned devices are enrolled as BYOD and corporate owned devices are enrolled as COPE method.

Unfortunately there is no setting available for us to make this work on the COPE enrolled devices on EMM side.

According to Samsung, they have not updated Secure Folder software in 5 years and and don't necessarily expect we will get any update.
The "error message" is very misleading: "Security policy prevents the installation of Secure Folder". Because there is no security policy setup in EMM (Microsoft Intune) for this feature. It's just pure Samsung thing.

As mentioned... Samsung Secure Folder solution does not work on COPE enrolled Samsung devices but nice surprise is that on ThinkPhone (Motorola) , Secure Folder works even on COPE. This also implies that Samsung really could make it work if they wanted to put in the development effort, as it is not totally restricted by the Android Enterprise architecture of COPE since the ThinkPhone is able to do it. But so far Samsung does not seem to still support this app much.

More on this topic from here:
https://communities.vmware.com/t5/Workspace-ONE-Discussions/Android-Samsung-Impossible-to-enable-Dual-Messenger-feature-or/td-p/2260737

-jarmo

moombas · Answer

Hi Jarmo,did you try to provide the Samsung secure folder app (https://play.google.com/store/apps/details?id=com.samsung.knox.securefolder&amp;hl=de&amp;gl=US) via EMM to the COPE device?

jarmo_akkanen · Answer

Hi Moombas,Good point, we have not tried to provide secure folder as a work app because this app is only used for personal purposes. Employees want to store their private photos, files, banking apps etc... in secure folder.Anyway, thanks for the hint. We will test option to provide secure folder as work app.-jarmo

moombas · Answer

Ah, and then it somehow doesn't make sense. I mean my thinking in that case was wrong (thought you want it to be used for work purpose).

But if you enroll the COPE device, how do you do it? QR or maybe Zero-Touch?

Do you have keep system apps enabled set to true in the DPC's? If not this may help as otherwise several apps gets uninstalled/deactivated during enrollment.

jasonbayton · Answer

Given the Samsung error, it's reasonable to assume it's a Samsung-imposed limitation. Have you looked through KSP for anything related to this? Perhaps they've locked it behind a premium API?

Forum Discussion

Samsung Secure Folder and DUAL messenger features - not available in COPE

Related Content

Zero-Touch-Registration is not available

[FIX Available] TosError responses accessing zero-touch customer API

[FIXED] Service Announcement: Available work apps missing in Managed Play Store on device

App not available to add to collection in managed google play using Intune

[Product Update] Signup and Device Enrollment: New Features and upcoming plans

Recent Discussions

How to prevent users from disabling global proxy settings on fully managed Android devices?

REALLY NEED HELP

The customer reported to us a problem with contact SMS which is not displayed on the personal side (only the numbers are displayed but not the names of the contacts)

Custom MDM solution

How to add, update, and remove pinned shortcuts as a Device Owner without user interaction?