EMM
14 TopicsHELP! Enrollment Stuck on Choose Device Category
I need help. When enrolling a device on Intune, we are getting stuck on the Choose Device category page where it does not allow us to press the OK button. We have two vendors supplying us phones and the issue is happening with both vendors (devices are Pixel 8s and 9s). Please help!226Views2likes8CommentsHow to allow Android Enterprise Org ID can access opentest (or internal test) version of OEMConfig on Google Play?
We are trying to test OEMConfig with testing track (internal testing or closed testing) before make it public release new version to Google Play. However, the account with Enterprise Org ID is not able to access these versions. The account can only access Google Play App, private Apps. Is there any method to allow us accessing the testing track version apk in order to get the Schema of new version apk in order to submit to devices for configuration change. Attached screenshot show the managed Play iframe. It only show the public version of this app. Thanks Angus47Views0likes4CommentsEnhancing Android Enterprise OS Update Management
Hi, The way the Android API implements OS update management on Android Enterprise devices is not particularly useful for devices with user affinity. Are there any upcoming API changes for EMM solutions like Microsoft Intune? From my experience with the current API: AUTOMATIC – The OS update is installed as soon as it becomes available via OTA, which is not practical for real-time scenarios. WINDOWED – Similar to AUTOMATIC but with the limitation that OS updates can only be installed within a defined maintenance window. This means that if a user needs to update their device due to a software bug fixed in the latest OS version, they may not be able to do so immediately if the maintenance window is set outside working hours. Source: https://support.google.com/work/android/answer/13791272?hl=en#zippy=%2Cmanaging-system-updates-using-system-update-policies Suggested Improvements: Provide an option to control OS updates on BYOD (Work Profile only). I understand that when enrolling a device through Work Profile, only the work container can be managed via EMM. Google may need to reconsider this approach. It would be beneficial to have an approach similar to Apple’s, where EMM admins can manage OS updates (e.g., push specific updates, set deadlines, etc.) through DDM (Declarative Device Management - Source: https://support.apple.com/en-gb/guide/deployment/depc30268577/web ), even on BYOD devices (Device Enrollment) — without requiring supervision like DO (Device Owner mode). I’m aware that Samsung Knox E-FOTA exists, but it is limited to Samsung devices. Expanding this capability to all Android devices (like Google Pixel devices) would greatly improve update management in enterprise environments. BR, Marco78Views2likes5CommentsPrivate app shared with partner organization cannot be onboarded in their UEM solution.
I have added a private app to our managed play store (MS Intune) and followed the steps documented in Distribute private apps to make this available to a partner organization but unfortunately when they attempt to add the app to their UEM solution (Omnissa Workspace ONE) by play store URL they receive a http 404 response and cannot proceed. We have shared an app with them previously (same app, different productFlavor with app id suffix) and that worked seamlessly so we are bit stumped. Reaching out to our respective vendors has not been fruitful so it's not entirely clear what to do next, would appreciate any advice you have!69Views0likes4CommentsUnable to add additional owners and administrators to Manage Google Play Store
We recently disconnected our Managed Google Play account from Intune, which was initially set up with a standard Google Account. Now, we are reconnecting Intune to our Managed Google Play account using a Managed Google account that is synchronized with our Entra ID SSO. This means we can sign in with our company domain (@mycompany.com) using our Entra ID password. We are able to enroll our Android phones into Android Enterprise and publish apps to our Managed Google Play store without issues. To ensure redundancy, Google highly recommends creating a secondary owner account in case the primary account is compromised. See Google KB . I'm following the guide on assigning roles in enterprises from the Managed Google Play Help. However, my Play Store account admin screen appears quite limited compared to what I should be seeing. Here’s a screenshot of my current view: Previously, when we used a personal Google account for our Managed Google Play Store, I could invite other users to become owners. This option seems to be missing since we switched to the managed account. Could there be additional permissions in the Google Workspace admin portal that we need to grant to the Managed Google Play account to enable the option to add additional owners?9Views0likes1CommentIssue with G Suite Apps Being Marked as Disabled in Play Store
Hi everyone, We are facing an issue where G Suite apps like Google Sheets, Google Drive, and Google Docs are installed on our managed devices, but when we check them in the Google Play Store, they appear as disabled. In some cases, the apps are randomly disabled, requiring manual re-enabling. We have verified: Google Device Policy settings Apps are approved and allowed in the managed Play Store Despite these checks, the issue persists across multiple devices with G Suite apps. Has anyone else experienced this issue? If so, do you know of any workarounds or if there is an ongoing Google-side issue causing this? For reference, I have attached a screenshot showing the issue. Looking forward to insights from the community! Thanks, Rupesh65Views0likes5CommentsBenefits of an EMM
What are the benefits of using a device management tool? Device management tools have had many different terms of the years… Mobile Device Management (MDM), Enterprise Mobility Management (EMM), Unified Endpoint Management (UEM). Whatever you prefer, they are undoubtedly the cornerstone of any successful IT project that involves hardware assets. Boiling down the core functionality of these tools, they allow IT admins the ability to use a single tool to view all of the hardware assets within their organisation, distribute applications and apply configurations based on their needs. Let’s start with the basics: Why do you need an EMM? As you have probably been able to discern from the different terms for device management tools, there’s quite a few benefits that are offered by introducing an EMM to your organisation. We can boil them down into three key buckets: Asset enablement and management I love a good spreadsheet as much as the next person, but monitoring what devices are within your organisation and have access to your corporate data simply cannot be done by a static tool. EMMs provide you a great platform to see all the assets within your organisation, who is using them and if they are compliant with your organisation's security policies. IT helpdesks are overwhelmed with inbound tickets and an EMM’s asset management capabilities can really help streamline this process. An EMM, integrated into your LDAP, can help shave minutes off every inbound request. Let’s run through a quick scenario that you may have faced: An end user can’t connect their phone to the WiFi in the office, they’ve followed your guidance and dropped an email into your IT team's support distribution list saying “I’ve come into the office and my phone can’t connect to the WiFi, it worked yesterday!”. Normally the first response will be to ask the user for details about their impacted device such as the device’s serial number, phone number and version of OS. But by simply copying their LDAP and pasting it into your EMM, you’re able to view all of the devices assigned to that user, as well as all of the details you’d usually have to ask for. Your EMM will likely present you with the initial steps to resolve the issue too. In this instance the user’s device is no longer compliant with the security policies, allowing you to respond with actionable information for your end user; update your device! Securing corporate assets and data Let’s start with the big one, is the Android platform secure? Our answer is, absolutely! The 2024 security paper should be able to answer any question you have if this is something you’d like to explore further. Now we’ve established the platform is secure, let’s get into why you need an EMM to secure your assets and data. Android Enterprise is designed to be flexible enough to meet your organisations security needs and EMM’s are the key to unlocking that functionality. In some instances simply enrolling devices into an EMM is enough thanks to Android Work Profile. But we can’t forget those working in regulated industries where data retention and handling is critical. My rule of thumb is, how can we keep devices secure without providing too much friction for end users? EMMs give you all the ingredients you need as an IT decision maker to create policies that meet your organisations requirements while also being considerate to end users. It goes without saying that all organisations should have a password policy applied, and for a lot of folks this may be sufficient. But depending on the type of work your users do there may be a requirement to add additional controls, such as preventing cross profile data sharing in Work Profile. As you go deeper into the realms of keeping your corporate data secure, data loss prevention becomes a real concern and you may need to further understand exactly what is happening on your devices. AI is a real inflection point for IT admins and a great point of reference for this topic. While AI is bringing game changing tools to users, the rapid rate of development and rollout is putting strain on security teams trying to evaluate the functionality to understand what data is being processed on device or in the cloud. Android Enterprise has already rolled out controls for IT admins to control what device features are available in Work Profile or on managed devices, but there are certain OEM native features, such as keyboards, where a global control may not be an option. This is where Android Enterprise’s flexibility really shines, allowing you to use various EMM controls to limit functionality through app configurations or, in this example, setting a different default keyboard. Keep an eye out for future discussions about how to determine if an AI process is being handled on device or in the cloud. Unlock hidden savings Downtime caused by device issues directly impacts workforce productivity. When a user's device fails, productivity grinds to a halt. Not only because they can’t perform their work, but they also need to wait for IT to resolve the issue. By enrolling your devices into an EMM you can transform existing IT support processes and enable the team to resolve more issues remotely. EMMs provide automation capabilities that create reports and alerts. This automation can proactively inform end-users if their devices are about to become non-compliant with corporate policies, reducing access issues and the subsequent support tickets. Beyond these automated alerts, EMM reporting tools also provide valuable insights for strategic decision-making. For example, reports from your EMM can be used to help you to make informed decisions about device refreshes, by reviewing historical data within your EMM you can reliably view the battery health of your devices and the average remaining storage on your devices. Upon reviewing the data you could see that perhaps you can get another year out of the existing hardware or if the amount of device storage needs increasing when it comes to selecting new devices. Now let’s focus on the process transformation enabled by these tools. By deeply integrating an EMM into your support flow you can drastically reduce the time to resolution of most device related issues. I’ve frequently seen IT teams that haven’t done this require end users to “swing by their desk” with an issue, while this comes with the best intentions it is extremely disruptive to end user productivity. Let’s imagine a user has an issue with one of their applications, if the user was in person it is likely that a member of IT staff will try all the basics such as deleting device cache, reinstalling the application and eventually updating the devices firmware. In contrast, with devices enrolled in an EMM, the IT team can quickly identify the user via LDAP within the EMM console. The console will provide immediate insights into the device's compliance status, potentially revealing that the user’s device is non-compliant with security policies and providing a clear path to resolution. Why do your users need you to have an EMM? As an IT admin the goal when rolling out technology to an organisation should be to remove friction and empower our users, an EMM is a fantastic tool to enable this. Seamless access The utility of an EMM starts from the moment a user enrolls their device. If you’ve connected your EMM to your identity provider, the user can use the same login credentials they use on their other devices, coupling this with an SSO provider will allow them to seamlessly sign in to their applications. Immediately online “What's the WiFi password?” While we can’t solve this for you at home, an EMM at least prevents this question from being asked in the workplace. Creating a WiFi policy allows you to push down your WiFi credentials to all devices enrolled into your EMM. Quite a few organisations rely on VPN connectivity for their users to connect to corporate networks, this is also no problem for an EMM. Application distribution Smartphones have a vast amount of functionality out of the box, but I’m yet to come across a phone that ships with every app you need! While there is an element of enjoyment to scrolling through the Play Store and finding the apps you need, it can be very cumbersome when you have to do more than a handful. By using an EMM integrated managed Google Play you can approve applications for use within your organisation, creating a curated list of apps that your users can download. Additionally, you can also decide which applications are pushed to your users. Meaning those apps will automatically install on your users device once they have completed enrollment into your EMM. I would generally recommend limiting this to applications that are critical to your end users, such as email and calendar, but you can always change this based on feedback from your users. How do you choose an EMM? We’ve covered just a handful of the benefits of an EMM here, but there is so much more! This space has been evolving at a rapid pace ever since its inception, every day EMM’s receive dozens of feature requests and each has their own interpretation of how best to present information to IT admins. Go in with a plan Before you engage an EMM for evaluation, build out a plan for what you are trying to achieve with your devices. This will not only help you get a better grasp of the discussion but also ensure you have a clear success criteria for your proof of concept. To help you with your plan, here’s a few questions you’re likely to be asked: How many devices are you looking to enroll? Are you buying the devices for your users (corporately owned) or will they use their own devices (BYOD)? What do your users do with their devices? What apps do your users need? Who is your identity provider? What security policies do you need to comply with? When do you plan on starting this project? How to find an EMM You can’t go wrong with one of our Android Enterprise Recommended EMM partners! Thanks for reading! Are there any other key features that you utilise within your EMM that we haven’t covered here? Let us know!136Views3likes2CommentsHow to Handle Delisted Apps in Google EMM During or After Device Provisioning?
Hi everyone, We’re facing an issue where managed Android devices get stuck, preventing app installations when an app included in a policy is delisted from the Play Store. For example, we had the package “com.Xplayer” in a device policy, but when calling Products: get, it returned: “googleapi: Error 404: No product was found for the given ID., notFound.” However, this app was available earlier, and despite its removal, using the Devices: update API still updates the policy without any error or warning. Additionally, there’s a possibility that an app is present on the Play Store when it is approved and added to the policy but later gets removed or delisted by Google. This could lead to installation failures and devices getting stuck. Has anyone encountered this before? How can we prevent devices from getting stuck when an app is delisted? Does EMM automatically remove such apps from policies, or do we need to handle it manually by checking each package ID? Is there any way to get notified when an app is removed from the Play Store? Without a proactive mechanism, devices remain in a stuck state, making large-scale device management challenging. Any insights or best practices would be greatly appreciated! Thanks!56Views0likes4CommentsMigration from Airwatch to Android Management API
One of our customers is currently onboarded to Airwatch to manage their devices, but they want to move to our Android Management API (AMA) based device management solution. Is there any support available to silently migrate these devices? Or is the only way to wipe the devices and onboard AMA. I see there is support if we own the custom DPC application. But in this case since its owned by Airwatch its out of our control.45Views0likes1CommentAction Required: Your app is not compliant with Google Play Policies
Hello everyone, We recently received a notification from Google Play stating that our private app, which is only deployed within our organization on professional devices with our MDM, is not compliant with their policies. The message we received is as follows: Action Required: Your app is not compliant with Google Play Policies The funny thing is, we have the same app deployed on another Google Developer account, only the package name is different and this one has not been flagged by Google. We are puzzled by this as our app is only shared on professional devices within our organization. We do not distribute it publicly and we never know if we really need to take action when we receive this type of alert. Has anyone else faced a similar issue? Why would Google Play randomly flag and potentially remove our app? Any insights or advice on how to resolve this would be greatly appreciated. Thank you!126Views0likes5Comments