User Profile
Moombas
Level 4.1: Jelly Bean
Joined 2 years ago
User Widgets
Contributions
Re: [Community tips] What guidance do you provide with new devices?
Hey, hmm i think i need to seperate here private (as for your example) and work. Private: No guides are provided but onside help or via phone (this goes in my case for all technical stuff in near family) and in regarding PC also sometimes via remote control tools if needed. Work: For some things like enrollment, how to flash a device before enrollment to latest firmware or how to use the MDM system, we provide several guides and inside helpdesks and for the endusers they also create something for "best practice" in several use cases. But what we don't do is, if OS is changing to provide a guide about that. If there's a significant change they need to be aware of, they get informed by us via news. Ofc if guides needs to be updated because of that, we do so. But yet only our helpdesks needed to be informed about such stuff, not the endusers.3Views0likes0CommentsRe: Private app shared with partner organization cannot be onboarded in their UEM solution.
Not sure if WorkspaceOne provides such functionality but on some MDM's you can provide an apk file directly (without the usage of the playstore). I would prefer this way as you have full control of the verison used.41Views0likes1CommentRe: Issue with G Suite Apps Being Marked as Disabled in Play Store
I would also recommend to add this to your config with a true and do a test enrollment. By default it's false and if those apps are preinstalled they could get disabled because of this setting during enrollment. On some MDMs you also can re-enable apps disabled by this policy (explicitly needs to know the bundleID's you want to re-enable) via script. But this would be only a solution to solve the issue for already enrolled devices but not for all future enrollments except you run it to all newly enrolled ones as well. Also keep in mind that setting this to true might enable other apps as well you might not want, so you need to disable or uninstall them after each enrollment.7Views0likes0CommentsRe: Enhancing Android Enterprise OS Update Management
I dont need a confirmation on the EMM (the currently installed oem/os/security patch version is enough) but we really want to say something like, install all oem versions up to version X. This could be model specific (makes most sense to me) or any other but should be open to the customer what kind of decision point(s) to choose.35Views1like0CommentsRe: Enhancing Android Enterprise OS Update Management
Hi Marcom, you left out "Postponed" as an actual option but i guess all IT admins agree, that a full version control on firmwares is needed. I think I (and others as well) already provided several ideas to do so. I don't know the Apple system but keep in mind that they have an easier task as they provide only their own models and firmwares where on Android you have several manufacturers with a lot of unknown firmwareupdates etc. (seen from Google side). So there must be something different. If i find the thread where we discussed that already a bit I can post it here but need to search for it again. But i don't see a reason to do so for BYOD, there i would like to just say "minimum OS version X" and/or "minimum security patch level" and that otherwise work profile get's disabled or not being able to be installed.46Views0likes1CommentRe: How to set policy through my emm in zero touch enable devices?
As mentioned by Rakib every MDM works a bit different. For ex. we use Soti Mobicontrol, where we don't use the ZT-iFrame. We directly use the ZTP (https://enterprise.google.com/android/zero-touch/customers/YOURID/configurations) and linking an MDM specific configuration to the devices. The rest is then handled during enrollment automatically by the automatically during enrollment installed MDM agent. All other apps/settings and so on are then provided to the device as soon it get's the connection to it. But the MDM you use, may work different.6Views0likes0CommentsRe: Problem Joining Work Profile From Android Device
Hmm, wonder why 4 users (or even more) on a single device make sense, so from my perspective unexpected but nice that you figured it out at least for 1 device. Ever tried a completely fresh tecno device and add it then (without anything special installed,) so only 1 "private user" and then try adding the work profile? Low RAM should only cause a device acting slow.30Views1like2CommentsRe: Android zero-touch customer portal
Just want you to know, in the device section it would be good to be able to also display the model in the table (not an option yet), if it was provided ofc. I just had a case where we saw that the reseller uploaded devices twice (same serial and order number but different model) and you can only guess which one to delete. I did it now by always choosing the 2nd entry but in case of something like that it would be good to see both to be able to delete the right one for sure.15Views2likes2CommentsRe: Problem Joining Work Profile From Android Device
Hi, i guess because of enrollment QR, it's cope, so try to add the relevant PROVISIONING_MODE to the enrollment QR. Example: "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{"PROVISIONING_MODE":"MANAGED_PROFILE"} I have in mind, this is required for COPE or even FULLY_MANAGED_DEVICE for a COBO.69Views0likes1CommentRe: [PRODUCT UPDATE] Zero-touch enhancement: Audit logs
Or they are even just not allwed to. And i see a security risk here, if someone compromises the system (getting a ZTP someway) can add any device by imei available out in the field from any customer uncontrolled and make them somehow useless/point to their MDM causing being a big theft/hack. Ofc only after a device was wiped and tried being reinstalled but it's still a risk and i can't agree to that unless it's somehow certified bought (via invoice upload in a special format or so which then get approved by the allowed resellers or so).41Views0likes6CommentsRe: [PRODUCT UPDATE] Zero-touch enhancement: Audit logs
Both was already discussed in the past afaik. Where i don't agree to 1. unless there's some kind of proof of ownage but also loooking forward to 2. ideally combined with some kind of AD (EntraID,...) integration for better security and better user handling.108Views1like1Comment