User Profile
lgstalder
Level 2.0: Eclair
Joined 2 years ago
User Widgets
Contributions
Android 14 - issue to update some restriction policies
Hello, We were informed by our MDM vendor that there is an on-going issue on Android 14 that is preventing some restrictions settings to be updated : https://kb.vmware.com/s/article/95776 Is there any official communication and plans to solve this major issue ?2.3KViews0likes2CommentsRe: Recent Android change regarding Wifi configuration
Best approach is usually to update the current Wifi profile. Most of our devices are using 4G so it shouldn't be a problem on our side. However, if I remember test I've done in the past, when the existing wifi profile is updated, the current wifi configuration is maintained until the new profile is received on the device. Once received, the old configuration is removed and replaced by the new one. In this scenario, even if you have devices that are using the Wifi only, it shouldn't be a problem to update the wifi configuration. Luc31KViews0likes0CommentsRe: Recent Android change regarding Wifi configuration
We are on the way to solve the issue that was brought by the new requirement regarding the domain value for Wifi. Testing was done successfully on our preproduction environment and will be pushed soon in production. Regarding communication of the updates, it could be good to have a thread in this community that would give information about changes that could impact customers like the change on the domain for Wifi. It would also permit Google to receive some real feedbacks from the field because I guess it's complicated to have an exhaustive picture about the impacts when something like this is changed. Luc31KViews0likes2CommentsRe: Recent Android change regarding Wifi configuration
Yes, we are also using Workspace One. Actually, when you pull the identity cert from the CA, WS1 is by design retrieving the client certificate with also the certificate chain. For Android 13, in the Wifi payload, we have the Credential 1 that is our CA and the the credential 2 that is our root certificate. Then, in the wifi configuration tab, we have selected credential 1 as Identity Certificate and credential 2 as Root Certificate. Luc34KViews0likes1CommentRe: Recent Android change regarding Wifi configuration
It’s also WS1 that we are using on our side. It was actually for Android 12 devices that we faced the issue. In the Wifi payload for Android 12 we don’t have any root certificate that was imported in the configuration. We have only the client certificate. For Android 13 we have another wifi payload that is including both the client and the root certificates and as “Identity Certificate” we have selected the client certificate and as “Root certificate” we have selected the root certificate that was imported in the payload. Luc33KViews0likes1CommentRe: Recent Android change regarding Wifi configuration
On which version of Android are you facing this ? We faced the same symptoms some months ago. If the Wifi payload was configured to trust a root certificate and if this root certificate was the same as the one that is in the certificate chain of the client certificate, this triggered the issue. We needed to remove the trust of the root certificate in the payload to have the connection working again. According to some investigation, it seems that the system was by default trusting the certificate chain of the client certificate and forcing to trust again the same root was causing the issue. Have you tried to remove the trust with the root CA in your WiFi profile ? Luc34KViews0likes3CommentsRecent Android change regarding Wifi configuration
Hi everyone, I just want to share the current situation we are leaving in my company and that could be interesting for other Android customers as well. With the Android security update released in May 2023, Google has changed some requirements to connect on a corporate Wifi. The "domain" value has now to be filled in the Wifi profile that is pushed on the device, otherwise the profile will not install on the device and the wifi connection will fail: https://developer.android.com/guide/topics/connectivity/wifi-suggest "The framework enforces security requirements on TLS-based Enterprise suggestions (EAP-TLS, EAP-TTLS, and EAP-PEAP); suggestions to such networks must set a Root CA certificate and a server domain name." This change was not communicated to our EMM vendor or to us and we started to have a lot of device that were impacted. Moreover our EMM vendor was not supporting this additional parameter in the console UI and we are in the way to upgrade our platform to finally have this support in the very last version released this week. I don't know if we could be warned in advance regarding such kind of change in the community because it has very huge impact for us and I guess for other customers. Luc35KViews6likes23Comments