User Profile
Alex_Muc
Level 2.3: Gingerbread
Joined 2 years ago
User Widgets
Contributions
Re: Microsoft Intune
The problem should be identical to the following topic: Work profile on S25 Ultra | Android Enterprise Customer Community - 10331 JpferschHave you performed a software update to the March (/current) patch and tried the enrollment again? As Moombas has already mentioned, listing the devices as Android Enterprise Recommended is not a requirement for enrollment with a Work Profile. The issue is more of a bug. I was unable to reproduce the problem with an S25 and a different EMM.Re: Work profile on S25 Ultra
gustavossilvas Is the problem still there for you? I tested yesterday with a S25 (SM-S931B) and could not find any problems with the Work Profile Enrollment. I tested it with the security patch level from February and March. We use Omnissa WorkspaceONE. However, since the admin apps differ (CustomDPC vs Android Device Policy), there may also be different behavior. Omnissa had noticed a problem, especially with Custom DPC Enrollment, if the version of Google Play Services (com.google.android.gms) is less than 24.29.00.Re: Managed Google Play private app not available on Corporate-owned devices with work profile
I wasn't even aware that the Android package names are case sensitive. I haven't found much documentation on the Internet, e.g. information on the manifest.xml: https://developer.android.com/guide/topics/manifest/manifest-element In the past, we had apps from external devs that also used capital letters, but different versions were clearly named. (e.g. with numbers at the end) This is definitely an interesting test case. I won't be able to test it in the next two weeks, but I would like to try it out with our UEM. In any case, I find it strange that the app works with BYOD but not with COPE.Re: Work profile on S25 Ultra
Particularly for such problems, you can use the Knox Admin Portal as a company to create tickets for Samsung. (And ideally, bug reports and the reproduction steps are supplied directly 😁) But I would bet that someone has already done this and Samsung is working on the problem. 😃Re: Work profile on S25 Ultra
You could use the TestDPC to test if creating a work profile generally works on the S25 Ultra. If there are also problems with the TestDPC, the problem does not necessarily have to be with Intune. In the post you shared, some people actually tried this and also had problems with the TestDPC. The S25 series is not yet listed as ‘Android Enterprise Recommended’, but I wouldn't worry about that. The certification will probably still take some time. And even when Samsung did release devices without ‘Android Enterprise Recommended’ in the past, the devices worked perfectly with Android Enterprise. I probably will be able to test it with a Galaxy S25 in a week. I really hope that we don't find any major bugs. 😅 However, I am a little sceptical after the many Android 15 delays and news like this. Since Android 16 is already planned for release in Q2/2025, I find the many postponements due to OneUI7 very unfortunate on Samsung's side.Re: Galaxy S25
The S25 receives software updates for 7 years. However, the release interval may change from monthly to quarterly after 4 years. Samsung publicly lists until when devices receive updates. (Curiously, this is missing for the S25) https://www.samsungknox.com/en/knox-platform/supported-devices Information on the current release intervals and the fixed CVEs can be found here: https://security.samsungmobile.com/workScope.smsbRe: (COPE) Hide app in work profile
Yunchuan Hm, that could be a bug in the newer model. It doesn't seem to be due to the configuration and we don't have any problems with Android 14. Have you ever requested a bug report / verbose logcat logs from the customer? Ideally, you might see errors there. The policy controller triggers the action and the system gradually works through the necessary steps. Maybe an error occurs during a single action, as a result of which the app remains visible in the launcher. But that's just a guess for now. For example, these are two of many pieces of information when Google Meet is deactivated in the Work Profile (=userId 10): 02-28 12:18:37.159 1167 31382 I PackageManager: setApplicationHiddenSettingAsUser, packageName: com.google.android.apps.tachyon, userId: 10, hidden: false, callingUid: 1000, callingPackage: system 02-28 12:18:40.827 1167 1367 I SettingsProvider: onPackageRemoved (userId 10) PackageName = com.google.android.apps.tachyonRe: (COPE) Hide app in work profile
Yunchuan Can you say what the customer's purpose is for “LEAVE_ALL_SYSTEM_APPS_ENABLED:true”? Is there a included non-system app that would otherwise not be available? Or is a certain system app simply no longer available in the Work Profile? Has the customer tested the policies with devices from another OEM? Can apps be deactivated correctly in the Work Profile? I don't know the current status at Ivanti regarding CustomDPC vs. AMAPI. If a CustomDPC is still in use, we actually have a good comparison with WorkspaceONE. However, I cannot reproduce the problems described. We have the option to blacklist apps. (For Work Managed and in the Work Profile) This uninstalls (non-system) apps. System apps are blocked and hidden. However, you can also explicitly enable system apps if, for example, they have been deactivated via the DPC Extra. For example, we would only need “LEAVE_ALL_SYSTEM_APPS_ENABLED:true” for Work Managed devices if an OEM supplies a non-system app that is not available in the PlayStore.Re: Why is the Google Play organization ID different depending on where you look?
okmickthere are good reasons why we are asking explicitly. So far, EMM registration, email and OrganizationID were a 1:1:1 relationship. It was simply impossible to have two EMM registrations or OrganizationIDs with one e-mail address. Therefore, there is no harm in double-checking this, even if you may see it differently. Hence two further questions: When did you do the EMM registration? Do you have a Managed Google domain? Because the only other thing that comes to mind is the topic: [Product Update] Configure and bind multiple Android Enterprise Mobility Management providers | Android Enterprise Customer Community - 910Re: (COPE) Hide app in work profile
I don't know the exact configuration in Ivanti (/Mobileiron) for blacklisting apps. For Android Enterprise / Work Profile you can set up an app control and block specific app IDs. If apps are disallowed via App Control, they can no longer be used in the Work Profile. This might help: https://help.ivanti.com/mi/help/en_us/cld/admin/ivanti/91/all/en-us/Allowed_apps.htmRe: Fleet device settings
Is there a way to use Custom Settings profile to set this on devices? The Custom Settings Profile in WS1 UEM has a rather specific purpose. WS1 UEM sends configurations (/profiles) as XML data to the CustomDPC (“Hub”). The Hub then applies the configuration to the device using the appropriate APIs. These XML data can be edited manually using the custom settings. This is usually used when new functions have been implemented in Hub but cannot yet be configured with the WS1 UEM interface. The custom settings can therefore only be used to set settings that are explicitly built into the Hub. Unfortunately, it is not possible to change individual system settings.Re: Managed Google Play private app not available on Corporate-owned devices with work profile
Are the two devices the same device type / device model? I've seen this kind of behavior in the past when an app is restricted to certain display sizes via manifest.xml. (I am thinking of this) Such apps could be installed manually as apk, but Google Play refused to install them. I am not aware that an app can be restricted to certain Android management modes via manifest.xml / Managed Play. A privateApp available for an OrganizationID is generally available to the UEM. The UEM then releases the app for certain GoogleUserIDs/GoogleDeviceIDs in the background, making the apps available on the devices in Managed Play. (at least with the EMM API) Either the app assignment is not quite right, or the app is not compatible with certain devices.Re: Why is the Google Play organization ID different depending on where you look?
I also suspect, like jasonbayton, that different Google accounts are being used for the comparison. Have a look in the Intune settings to see which Google account is used for the Managed Google Play / EMM registration. The OrganizationID from the iFrame belongs to this account. This should be the relevant organizationID for the software vendor.Re: Google Play services for AR (ARCore) is not available as a Managed Play Store app
dhitomi I did not see the app in the search results on unmanaged devices. The app is available for Managed Play, but since the app is probably excluded in the search, it cannot be explicitly assigned via MDM. For testing purposes, you could use the developer options of the web browser to trick the search in the iFrame and open the app entry in the iFrame. Open the Google Play iFrame Right-click on any store entry (image or text) -> Inspect Replace the AppID in the html-code with com.google.ar.core Open the modified link in the iFrame Original link <a href="/managed/apps/details?id=com.android.chrome"><div class="WsMG1c nnK0zc" title="Google Chrome">Google Chrome</div></a> Modified link <a href="/managed/apps/details?id=com.google.ar.core" data-focusid="19"><div class="WsMG1c nnK0zc" title="Google Chrome">Google Chrome</div></a>Re: How to obtain the eSIM EID (Embedded Identification Document) from a device with DO (Device Owner) active?
Michel I asked Samsung in January if they will add the EID retrospectively. We were not the first customer to ask, but I have not yet received a proper answer. With WorkspaceONE, we can also report the EID of Apple devices without any problems. For Android, the reporting of SIM cards still needs to be improved. I am curious to see if the EID can then also be reported there. Otherwise, the EID is often (Samsung & Pixel devices) printed as a barcode on the device boxes.Re: Google Play services for AR (ARCore) is not available as a Managed Play Store app
It looks as if the AR Core is generally excluded from the search results. Presumably because the installation is performed automatically in the background on compatible devices. Is the customer really sure that the app is not installed in the background? The AR Core is more of a headless app and does not have an app icon in the launcher. In my case, the AR Core is installed in all areas of BYOD devices / COPE devices. (Personal Space, Private Space, Work Profile) I don't have a fully managed device to hand at the moment.Re: How can I become Enter the Android Enterprise EMM community and become Android Enterprise Partner?
The reasons for a rejected application to the Partner Program can probably only be answered directly by Google. Maybe the requirements for the desired partner type are not met in the application. There are several partner types in the Partner Program. (OEMs, EMMs, Resellers, etc.) The requirements for each partner type can be found here: https://developers.google.com/android/enterprise
