User Profile
Simon
Level 2.0: Eclair
Joined 9 months ago
Contributions
Re: Copy-paste issue (COPE)
I don't have the full picture, so please take this with a pinch of salt. The way it was explained to me, it's not Microsoft fixing things this time, and it should be fixed "beginning of August". Being sarcastic - nobody said which year, but I'm happy there's a workaround 🙂
3.1K Views, 1 like, 1 Comment

Re: Copy-paste issue (COPE)
Thanks all for your input. I'm being vague intentionally (NDA), but this is now being looked into and should be fixed. Sharing workaround if someone else runs into this before resolution:

1. Create a new device restriction policy
2. Set copy/paste to Allow and save
3. Reset copy/paste to Not configured and save.

Please note workaround doesn't work for existing policies, you need to create a new policy
3.2K Views, 3 likes, 3 Comments

Re: Copy-paste issue (COPE)
Re conflicts, I can't see any conflicts in Intune. Single configuration profile assigned to the device according to Intune device properties page, KSP is not in production and there's only one configuration in the tenant (testing), app configurations excluded for testing, enrolment restrictions do exist, but they're blocking old OS versions, enrolment itself does succeed. So pretty sure there are no conflicts.

Devices appear as Android Enterprise (not Android for work) in Intune, ownership is corporate. We enrol them via QR code or Android Zero touch (details uploaded to Google by reseller), so they're enrolled as expected as much as I know.

Microsoft support was... doing their thing. Explained that setting is "Not configured", so they don't control the setting and I need to speak with the phone manufacturer re "OS defaults". When I asked how I can prevent the data leak, I was told to use applications which can be protected via Application Protection Policy (Intune App SDK) and if apps I need don't support that, I need to speak with software developers so their apps are compatible with Intune Application Protection Policies. In a nutshell - it's not our problem until you prove it's our problem.
8.9K Views, 0 likes, 1 Comment

Re: Copy-paste issue (COPE)
Please don't apologise that you need to get back to work, I appreciate your time and effort and have no expectations you have a solution. The purpose of posting here is to get ideas/suggestions, which hopefully would lead to a solution.

Re report (export), I don't know how things should be represented, but Intune still shows values as per my screenshot. At this point I can't compare it against anything else as I don't have a "working" solution. Re "Set Enable work profile policies" it's probably not represented in the log as without it other policies are not processed and I get some errors in KSP.

Thanks for the screenshots. What I find interesting is that your profile doesn't appear to have "Allow moving files from work profile to personal space" configured. Either way I fully replicated the settings you shared (OEMConfig + restriction profile) and can still copy-paste text from work to personal profile 😖

The only 3 theories I have at the moment:

1. Microsoft updated Intune "templates" and newly created policies behave differently from the older ones, this would explain why you couldn't restrict data leak with the new profile, but I understand it's at a conspiracy level theory
2. The tenant configuration is different - over a year ago we had an issue where available apps were missing in the store and the fix applied by Microsoft was to migrate our tenant to the new Android API (whatever that means)
3. There's a setting outside the areas I'm looking into

The dream continues
9K Views, 0 likes, 3 Comments

Re: Copy-paste issue (COPE)
Hopefully we're talking about the same thing:

{
  "mCategoryMap": {
    "RCP_CATEGORY": {
      "mKeyMap": {
        "poRCPMoveFilesFromWorkProfileToPersonal": {
          "mData": null,
          "mMessage": "[Allow moving files from work profile to personal space in Work profile policies (Profile Owner) successfully processed.]",
          "mPolicyStatus": true,
          "mReportStatus": 1
        },
        "poRCPMoveFilesFromPersonalToWorkProfile": {
          "mData": null,
          "mMessage": null,
          "mPolicyStatus": false,
          "mReportStatus": 0
        },
        "poRCPShareClipboardToData": {
          "mData": null,
          "mMessage": "[Enable Sharing of Clipboard Data to Owner in Work profile policies (Profile Owner) successfully processed.]",
          "mPolicyStatus": true,
          "mReportStatus": 1
        },
        "poRCPDataSyncPolicy": {
          "mData": null,
          "mMessage": "[Enable RCP data sync policy (Configure profiles below) in Work profile policies (Profile Owner) is not supported by this device.][14001][This policy is not supported for this knox version or higher.]",
          "mPolicyStatus": true,
          "mReportStatus": 1
        }
      }
    },
    "CMFA_CATEGORY": {
      "mKeyMap": {}
    },
    "KPU_CATEGORY": {
      "mKeyMap": {
        "profileName": {
          "mData": null,
          "mMessage": "Knox policies in EMEA_v1.34 successfully processed",
          "mPolicyStatus": true,
          "mReportStatus": 1
        },
        "kpePremiumLicenseKey": {
          "mData": null,
          "mMessage": "Successfully activated license key ending with ...PNJZ",
          "mPolicyStatus": true,
          "mReportStatus": 1
        }
      }
    }
  },
  "mStatus": "SUCCESS",
  "mTimeStamp": 1721038679013
}

9K Views, 0 likes, 7 Comments

Re: Copy-paste issue (COPE)
The case with Samsung has been open for a while now, but it's not looking promising. I was told "we're limited to what we can do in Intune".

KSP app has debug mode enabled. The app is installed, Knox license is accepted, profile name (version) matches what I see in Intune. The only setting which is not supported is "Enable RCP data sync policy (Configure profiles below)" with the following message "This policy is not supported for this knox version or higher". Not too worried as according to Samsung's documentation it's not supported from Knox 3.8.0 and phone is on 3.10.0
9.1K Views, 0 likes, 1 Comment

Re: Copy-paste issue (COPE)
The license is there (deleted it in the screenshot). KSP on the device displays message "Successfully activated license key ending with..." So I ruled license issues out.

Added additional setting as per your message:

Still the same experience - can copy text from work profile apps. Would be funny if it wasn't sad 😑
9.5K Views, 1 like, 4 Comments

Re: Copy-paste issue (COPE)
Settings related to files is what Samsung guys initially suggested, but it has no effect on copy-paste of text according to my testing. Re your earlier comment, Intune is not perfect, but I find working with Intune protected apps (Intune App SDK) refreshing.
8.1K Views, 1 like, 1 Comment

Re: Copy-paste issue (COPE)
Thanks for your response. That Intune setting is for file access only. It restricts accessing files from personal profile, which in my world is part of the job. Re text copy-paste Intune has another:

What's worse is that if policy is created for BYOD and not COPE, the settings are "Block" and "Not configured".

I did set the KSP setting you mentioned to "false", but it had no effect in my scenario. The documentation I found implies it's to do with clipboard sharing between the devices. Not bothered about that currently 😊

I strongly believe I need to find a way to control CrossProfileCopyPaste setting: https://developers.google.com/android/management/reference/rest/v1/enterprises.policies#crossprofilecopypaste
9.6K Views, 1 like, 10 Comments

Copy-paste issue (COPE)
Hello Everyone, I have a slight issue with copy-paste on Corporate owned, personal enabled devices (COPE) managed via Intune. To put it simply - people can copy text from work profile to personal. Happy to be pointed to the basics if I missed something obvious, but I feel stuck.

Intune configuration for COPE devices has 2 values: "allow" or "not configured" (not helpful). I had support cases open with Microsoft and Samsung, but the former blames OS defaults, while the latter blames Intune (not helpful). I couldn't identify the setting in OEMConfig (Knox Service Plugin), so got Google Enterprise account, configured it for Zero Touch enrolment using Intune token and realised that I was looking into "crossProfileCopyPaste" control and don't have a clue how to use it in DPC extras and if that's even possible.

Is it possible to use AMAPI with Intune management? If yes, does anyone have any examples? What are other ways to restrict copy-paste from work profile to personal? I find it difficult to believe I'm the only one having the issue. Thank you in advance
11K Views, 1 like, 29 Comments
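
An added example, not part of the thread and not Samsung or Microsoft code: a small audit of the Knox Service Plugin status report quoted in the thread, showing that a top-level "SUCCESS" and "mPolicyStatus": true do not by themselves mean every policy took effect. The labels (applied, unsupported, no-result) and the reading of the fields are this example's assumptions; the sample is constructed from the RCP_CATEGORY entries of the quoted report.

```python
import json

# Constructed sample: three RCP_CATEGORY entries copied from the report
# quoted in the thread, with the rest of the report omitted.
SAMPLE_REPORT = """{
 "mCategoryMap": {"RCP_CATEGORY": {"mKeyMap": {
  "poRCPMoveFilesFromPersonalToWorkProfile": {
   "mData": null, "mMessage": null,
   "mPolicyStatus": false, "mReportStatus": 0},
  "poRCPShareClipboardToData": {
   "mData": null,
   "mMessage": "[Enable Sharing of Clipboard Data to Owner in Work profile policies (Profile Owner) successfully processed.]",
   "mPolicyStatus": true, "mReportStatus": 1},
  "poRCPDataSyncPolicy": {
   "mData": null,
   "mMessage": "[Enable RCP data sync policy (Configure profiles below) in Work profile policies (Profile Owner) is not supported by this device.][14001][This policy is not supported for this knox version or higher.]",
   "mPolicyStatus": true, "mReportStatus": 1}
 }}},
 "mStatus": "SUCCESS"
}"""


def classify(entry):
    """Label one policy entry. The labels are this example's own reading
    of the fields (an assumption), not documented KSP semantics."""
    message = (entry.get("mMessage") or "").lower()
    if "not supported" in message:
        return "unsupported"   # reported back, but rejected by the device
    if entry.get("mPolicyStatus") and "successfully processed" in message:
        return "applied"
    return "no-result"         # null message or mPolicyStatus false


def audit(report_text):
    """Return {policy_key: label} for every key in every category."""
    report = json.loads(report_text)
    results = {}
    for category in report.get("mCategoryMap", {}).values():
        for key, entry in category.get("mKeyMap", {}).items():
            results[key] = classify(entry)
    return results


if __name__ == "__main__":
    for key, label in sorted(audit(SAMPLE_REPORT).items()):
        print(f"{label:12} {key}")
```

An "applied" label only reflects what the plugin reported; as the thread shows, clipboard behaviour still has to be verified on the device.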