User Profile
Alex_Muc
Level 2.3: Gingerbread
Joined 2 years ago
User Widgets
Contributions
Re: Celebrating World Earth Day! Share your experiences
Lizzie 7 years of updates are definitely a game changer! The 4-year updates apply from the release date. If a device is not used until a year after release, only a maximum of 3 years remain. With 7 years, you can achieve a much more reliable service life of a solid 5 years. As long as the battery holds up. 😄 If users are not willing to switch to a new device, there may be various reasons for this. Either they really want to act sustainably, cannot find the time to transfer data or have become very attached to the device and do not want a change. In addition to the desire to act sustainably, there is often a justified lack of understanding as to why a device that is physically in perfect condition needs to be replaced.Re: ATOK installation Failed in Corporate-owned devices with work profile
I do understand Microsoft's basic idea of not opening a Google ticket for this particular issue. But Microsoft's statement is not quite correct. Partners (/EMM providers) open tickets with Google. Not the customers. https://support.google.com/work/android/answer/10107746 Have you checked in Managed Google Play if the app is only available in certain countries? This app is limited to Germany and Austria, for example: https://play.google.com/work/apps/details?id=de.mainis.ivena_manvRe: Celebrating World Earth Day! Share your experiences
We try to use devices for as long as possible. In fact, we could keep some of them in service for much longer, but have to replace them due to a lack of security patches. For example, we have currently a device series that no longer receives updates after 4 years. The devices are still fast and even meet the recommended hardware requirements for Android 15. It's a real pity that these devices then have to be replaced for security reasons. But at least the new devices in the series will receive updates for 7 years. Of course, we replace devices with defects and bad batteries. But our users often like to use the device for as long as possible. We have a recycling partner who erases all our old devices in compliance with data protection regulations. If the devices are no longer usable, the materials are recycled. If the devices are in good condition and are in demand, they are given a second life. ♻️ But not all devices end up being recycled. We keep individual devices in display cases so that guests can also view a few devices from the last few decades that we used. 😄Re: Help Needed: Support for Device Enrollment on Android (Corporate/Work Profile)
Google Mobile Services (GMS) are required for Android Enterprise. It is advisable to select the Android Enterprise Reccommended devices. Depending on the OS version, certain hardware and software criteria must be met for certification. Depending on the features, there are different minimum requirements for the major release. The requirements can be checked via the feature list or on the page using the solution sets.Re: Google-Services on Android 15 _ Enrollment
Rakib I recently had a use case where certain Google services need to be active for Fully Managed Devices for certain features to work. I really would have liked to have the option to agree to the terms as an admin. Unfortunately, when users enroll themselves, they sometimes deselect important options. For fully managed devices in particular, I could imagine the DPC Extras as a potential solution.Re: Block Input devices
I don't think I've seen any restrictions that would explicitly block HID devices. With Samsung devices, you can configure the type of USB connection using the Knox Service Plugin. (Advanced Restriction policies, "Set USB Device Connection Type"; Charging) However, I do not know whether the setting enforces the connection type or only preconfigures it.Re: Google-Services on Android 15 _ Enrollment
jasonbaytonI know this dialog as a constant, unskippable companion of Android Legacy and AE (EMM API) Enrollments. Do you know how the CloudDPC / AMAPI behaves here? I've seen demo videos from Microsoft where they actually skip quite a few dialogs like this from the setup wizard for Fully Managed.Re: Managed Google Play private app not available on Corporate-owned devices with work profile
w4lterI finally had time to test the issue today. Unfortunately, I didn't get far enough to test the app install on different enrollment modes. Omnissa does not handle the BundleIDs case sensitive. Therefore, I cannot get the second app, which is only different in upper/lower cases, from the iFrame into the UEM for distribution. I hope that the developer can provide you with a new app with a new BundleID that differs from other apps not only in terms of capitalization.Re: Work profile on S25 Ultra
MichelOut of curiosity: Does Microsoft have KB articles for Intune that provide information about the new OS major release and its dependencies on features and compatibility? I'm used to articles like this from Omnissa. They describe a few new OS features, from which version onwards business apps are fully compatible and whether there are any known bugs with the OS version. Also in relation to major OEMs such as Samsung.Re: Microsoft Intune
The problem should be identical to the following topic: Work profile on S25 Ultra | Android Enterprise Customer Community - 10331 JpferschHave you performed a software update to the March (/current) patch and tried the enrollment again? As Moombas has already mentioned, listing the devices as Android Enterprise Recommended is not a requirement for enrollment with a Work Profile. The issue is more of a bug. I was unable to reproduce the problem with an S25 and a different EMM.Re: Work profile on S25 Ultra
gustavossilvas Is the problem still there for you? I tested yesterday with a S25 (SM-S931B) and could not find any problems with the Work Profile Enrollment. I tested it with the security patch level from February and March. We use Omnissa WorkspaceONE. However, since the admin apps differ (CustomDPC vs Android Device Policy), there may also be different behavior. Omnissa had noticed a problem, especially with Custom DPC Enrollment, if the version of Google Play Services (com.google.android.gms) is less than 24.29.00.Re: Managed Google Play private app not available on Corporate-owned devices with work profile
I wasn't even aware that the Android package names are case sensitive. I haven't found much documentation on the Internet, e.g. information on the manifest.xml: https://developer.android.com/guide/topics/manifest/manifest-element In the past, we had apps from external devs that also used capital letters, but different versions were clearly named. (e.g. with numbers at the end) This is definitely an interesting test case. I won't be able to test it in the next two weeks, but I would like to try it out with our UEM. In any case, I find it strange that the app works with BYOD but not with COPE.Re: Work profile on S25 Ultra
Particularly for such problems, you can use the Knox Admin Portal as a company to create tickets for Samsung. (And ideally, bug reports and the reproduction steps are supplied directly 😁) But I would bet that someone has already done this and Samsung is working on the problem. 😃Re: Work profile on S25 Ultra
You could use the TestDPC to test if creating a work profile generally works on the S25 Ultra. If there are also problems with the TestDPC, the problem does not necessarily have to be with Intune. In the post you shared, some people actually tried this and also had problems with the TestDPC. The S25 series is not yet listed as ‘Android Enterprise Recommended’, but I wouldn't worry about that. The certification will probably still take some time. And even when Samsung did release devices without ‘Android Enterprise Recommended’ in the past, the devices worked perfectly with Android Enterprise. I probably will be able to test it with a Galaxy S25 in a week. I really hope that we don't find any major bugs. 😅 However, I am a little sceptical after the many Android 15 delays and news like this. Since Android 16 is already planned for release in Q2/2025, I find the many postponements due to OneUI7 very unfortunate on Samsung's side.Re: Galaxy S25
The S25 receives software updates for 7 years. However, the release interval may change from monthly to quarterly after 4 years. Samsung publicly lists until when devices receive updates. (Curiously, this is missing for the S25) https://www.samsungknox.com/en/knox-platform/supported-devices Information on the current release intervals and the fixed CVEs can be found here: https://security.samsungmobile.com/workScope.smsbRe: (COPE) Hide app in work profile
Yunchuan Hm, that could be a bug in the newer model. It doesn't seem to be due to the configuration and we don't have any problems with Android 14. Have you ever requested a bug report / verbose logcat logs from the customer? Ideally, you might see errors there. The policy controller triggers the action and the system gradually works through the necessary steps. Maybe an error occurs during a single action, as a result of which the app remains visible in the launcher. But that's just a guess for now. For example, these are two of many pieces of information when Google Meet is deactivated in the Work Profile (=userId 10): 02-28 12:18:37.159 1167 31382 I PackageManager: setApplicationHiddenSettingAsUser, packageName: com.google.android.apps.tachyon, userId: 10, hidden: false, callingUid: 1000, callingPackage: system 02-28 12:18:40.827 1167 1367 I SettingsProvider: onPackageRemoved (userId 10) PackageName = com.google.android.apps.tachyonRe: (COPE) Hide app in work profile
Yunchuan Can you say what the customer's purpose is for “LEAVE_ALL_SYSTEM_APPS_ENABLED:true”? Is there a included non-system app that would otherwise not be available? Or is a certain system app simply no longer available in the Work Profile? Has the customer tested the policies with devices from another OEM? Can apps be deactivated correctly in the Work Profile? I don't know the current status at Ivanti regarding CustomDPC vs. AMAPI. If a CustomDPC is still in use, we actually have a good comparison with WorkspaceONE. However, I cannot reproduce the problems described. We have the option to blacklist apps. (For Work Managed and in the Work Profile) This uninstalls (non-system) apps. System apps are blocked and hidden. However, you can also explicitly enable system apps if, for example, they have been deactivated via the DPC Extra. For example, we would only need “LEAVE_ALL_SYSTEM_APPS_ENABLED:true” for Work Managed devices if an OEM supplies a non-system app that is not available in the PlayStore.
