Security
19 Topics

Is there any way to disable Google Play Protect (GPP) from an EMM or to otherwise whitelist apps from scanning?
I am very concerned about the Enhanced GPP features coming soon that are currently being piloted in other regions. https://security.googleblog.com/2023/10/enhanced-google-play-protect-real-time.html This is not a welcome feature whatsoever for the fully managed space where we have business apps written internally that are being installed on business devices, owned by that business. In no way do we want Google sitting in between deciding whether a very legitimate app written internally for an organization should be installed on devices that are purchased and owned by the same organization on fully managed devices. I would like a way to disable GPP completely, or at a minimum whitelist applications from scanning, as we don't want Google interfering in the business operations. GPP is a helpful consumer protection feature, but fully managed devices should have the ability to be opted in or out of the program. Otherwise GPP can incorrectly flag a mission-critical app and disable or remove it from a device, thereby bringing down a line-of-business application and an end customer's operations. While the intentions of GPP are good, by blocking business apps Google themselves is becoming the malicious actor that GPP is ironically trying to prevent.
Solved, 38K Views, 13 likes, 57 Comments

Can you skip network connection in Android Enterprise Edition?
Hello community, We have Samsung XCover6 Pro Enterprise Edition sent to customer in May this year (Android v.12). They have started the phone and then didn't enroll it. They have just started the phone and put it on the shelf and the battery has died and now they have started the phone. There are two problems:
1. They can skip connecting to the Wi-Fi
2. Even if they connect to Wi-Fi the phone doesn't get enrolled, the enrollment phase never comes up, you can just continue with the setup normally
If we remove the phone from Zero Touch Portal, hard wipe the device by connecting it to a PC and then upload it to ZTP and connect it to Wi-Fi, then it starts with enrollment. So I wanted to test this myself. I took the exact same model of the phone, Samsung XCover6 Pro Enterprise Edition, from our shelf and started it and to my surprise I COULD NOT skip network connection. Now the only difference between the phone that I tested and the phone that we sent to the customer is that we sent the phone to the customer like 6 months ago, but my test phone was purchased recently, like a month ago. I tested this with several different Enterprise phone models and got the exact same result! COULD NOT skip network connection. I had to connect to a network before continuing with the setup. This is exactly what I want because of the obvious reasons. So my questions: Isn't this policy / feature (that you MUST connect to a network) by default set to TRUE for all Android Enterprise? Or is it different based on Android version?
Solved, 7.3K Views, 0 likes, 14 Comments

Force settings on Dedicated devices during enrollment
Hello all, I'm trying to deploy a Dedicated device profile in Microsoft Intune. I created the configuration profiles and the compliance policy with some settings, specifically about PIN creation and complexity, but during the setup users are not asked to enter any PIN, and at the end the device results non-compliant until the PIN is set and fulfills the rules I set. Is there by any chance a way to force the PIN creation request during the enrollment phase, as happens for user-associated devices? Thanks in advance /Lucius
5K Views, 1 like, 7 Comments

Work Profile Password Complexity affects Personal Space device password that unlocks the device: Intune
Hi, On personally owned devices with a work profile running Android 12 and above today, we are over-controlling their personal space by demanding complex password setup. There are two passwords affected by this password complexity setting in Intune:
- The device password that unlocks the device
- The work profile password that allows users to access the work profile
Even if we choose medium complexity, users are getting a notification to change the device password to complex. This is not feasible for the BYOD scenario. Yes, I can understand the security perspective of avoiding simple passcodes, but the policy shouldn't force lengthy and complex passwords. How have you configured this password complexity in your environment?
4.3K Views, 1 like, 7 Comments

Setting UntrustedAppsPolicy to DISALLOW_INSTALL does not prevent app installs
We have devices provisioned on an Android Enterprise policy where the AdvancedSecurityOverrides.UntrustedAppsPolicy is set to DISALLOW_INSTALL, but users are still able to download APKs via browser and install them. Is there another setting that someone is aware of that would prevent this behavior? Thanks all.
3.6K Views, 0 likes, 9 Comments

Exporting the MDM (Security) policy installed in my Work Profile (BYOD)
Hi, Greetings, We want to extract the MDM policy installed in our BYOD Work Profile device (without the ADB way). We are using Intune as our MDM. Is there any way we can view and export the installed security policy logs from my device? Regards, Govi
Solved, 2.6K Views, 1 like, 2 Comments

How to connect my Google Workspace account to zero touch enrollment
Hello everyone, I have a Google Business Plus account and am developing an EMM Android application and looking for zero touch enrollment, but when I try to access zero touch from the admin console it says you don't have permission to access this page. So my question is: how can I enroll a device to zero touch without a reseller-provided account? Can't I use zero touch directly from my admin console? If I can, then how is it possible? Thank you!
2.3K Views, 0 likes, 5 Comments

[Enhancement Request] Allow push notifications during OOBE setup process
Android does not allow any push notifications during the OOBE (out of box experience) setup process. This presents challenges during Intune enrollment because we require users to satisfy MFA (SMS or MS Authenticator) in order to complete Entra AD device registration and device enrollment. The inability to receive push notifications on the new Android they are configuring requires users to configure their MFA on a secondary device before starting the setup of the new device, or obtain a temporary access pass from our Security Team. If OOBE supported push notifications it would resolve this and provide a much simpler and easier enrollment/user experience.
2.3K Views, 3 likes, 4 Comments

Securing third party keyboard traffic
We are facing a situation where users are complaining about the default Samsung Keyboard that comes with Galaxy devices as the corporate device. We are looking into providing other options such as Gboard and Swiftkey, but the problem is we are unable to fully secure traffic going to these third party services. For Gboard there are some options on the MDM as a managed app, while Swiftkey does not have many options. The main reason we stick with Samsung is the Knox service plugin, which helps secure the device more, including the keyboard; however, it only applies to the Samsung keyboard. With each other keyboard we introduce we have to rely on the key value pairs that come with the app to select options we can lock down as needed. Not all the app developers are enterprise focused, so it's hard to get any feature requests through. The only other thing I can think of is blocking traffic at a network level to ensure nothing goes through, but then we would need to know the addresses that are used. Has anyone faced this situation?
1.8K Views, 0 likes, 2 Comments