Work Profile
50 TopicsEnhancing Android Enterprise OS Update Management
Hi, The way the Android API implements OS update management on Android Enterprise devices is not particularly useful for devices with user affinity. Are there any upcoming API changes for EMM solutions like Microsoft Intune? From my experience with the current API: AUTOMATIC – The OS update is installed as soon as it becomes available via OTA, which is not practical for real-time scenarios. WINDOWED – Similar to AUTOMATIC but with the limitation that OS updates can only be installed within a defined maintenance window. This means that if a user needs to update their device due to a software bug fixed in the latest OS version, they may not be able to do so immediately if the maintenance window is set outside working hours. Source: https://support.google.com/work/android/answer/13791272?hl=en#zippy=%2Cmanaging-system-updates-using-system-update-policies Suggested Improvements: Provide an option to control OS updates on BYOD (Work Profile only). I understand that when enrolling a device through Work Profile, only the work container can be managed via EMM. Google may need to reconsider this approach. It would be beneficial to have an approach similar to Apple’s, where EMM admins can manage OS updates (e.g., push specific updates, set deadlines, etc.) through DDM (Declarative Device Management - Source: https://support.apple.com/en-gb/guide/deployment/depc30268577/web ), even on BYOD devices (Device Enrollment) — without requiring supervision like DO (Device Owner mode). I’m aware that Samsung Knox E-FOTA exists, but it is limited to Samsung devices. Expanding this capability to all Android devices (like Google Pixel devices) would greatly improve update management in enterprise environments. BR, Marco78Views2likes5CommentsIssue with G Suite Apps Being Marked as Disabled in Play Store
Hi everyone, We are facing an issue where G Suite apps like Google Sheets, Google Drive, and Google Docs are installed on our managed devices, but when we check them in the Google Play Store, they appear as disabled. In some cases, the apps are randomly disabled, requiring manual re-enabling. We have verified: Google Device Policy settings Apps are approved and allowed in the managed Play Store Despite these checks, the issue persists across multiple devices with G Suite apps. Has anyone else experienced this issue? If so, do you know of any workarounds or if there is an ongoing Google-side issue causing this? For reference, I have attached a screenshot showing the issue. Looking forward to insights from the community! Thanks, Rupesh65Views0likes5CommentsProblem Joining Work Profile From Android Device
I created an enrollment token for an enterprise for work profile, and I ensured that setAllowPersonalUsage("PERSONAL_USAGE_ALLOWED"); was set for the token. How ever when I try to join from my android 11(tecno) and android 14(google pixel 7) device with work profile via the ADP app, I get : Can't add work Profile A work profile can't be added to this Pixel. If you have questions, contact your IT admin. However from my emulator device running Android 15, I could join the enterprise using work profile.195Views0likes13CommentsManaged Google Play private app not available on Corporate-owned devices with work profile
Hi community, I'm encountering a strange issue and could use some guidance. A Google developer account released an app to Managed Google Play (so it's automatically private and not available on the public store) and entered our organization ID in the appropriate field. We can find the app on the iframe in our MDM (Microsoft Intune in this case), select it, and assign it to groups. Everything looks good: BYOD deployments (Personally-owned devices with work profiles) can install the app from the Managed Google Play store. However, COPE devices (Corporate-owned devices with work profiles) cannot search for it, and it's also not visible in the app collections we've created. Could there be a setting in the Google developer account's store listing that prevents availability for COPE devices? I've exhausted all options in Intune, including multiple store syncs, with no success. Intune is telling me, that the App is available to install on the specific COPE devices, but it does simply no appear. The only thing left to check is the Google developer account that released the app for us. Has anyone else experienced this issue? Any hints or suggestions would be greatly appreciated. Thanks! Walter192Views0likes11CommentsNon-work app in the Work profile
I have a work profile and I have company apps installed from intune. I also have 'personal' apps in the Work profile. These were added by me using the Work profile version of the Google Play store. As a result, I have work and non-work apps co-existing in the Work profile. My question is if my Employer can see those non-work apps and the app data which are in the Work profile?56Views0likes2CommentsDeleting and Erasing Device Using the AMA API
When I use the Android Management API to delete a device from an enterprise, the device is deleted but the physical device is not wiped, I can still see that the Physical device is connected to the enterprise from the device it self. The device is in fully managed mood. I want to ask if this is the normal behavior, because I'm expecting that when I delete a device from an enterprise with AMA API, the physical device should be cleared and factory resetted?53Views0likes5CommentsCan't add a new private app to a Collection in Managed Google Play Store (Intune)
Hello, i've recently published a new private app to our Managed play Store through the iFrame in Intune. I can assign the app now, install it and search for it on the Work Profile Play Store on my phone but i can't find the app when i want to add it to a collection. We have a few similar private apps already published and these work fine. It is only the most recent one i can't find in the collections. Is there another Sync i am missing or is it a problem with our Managed Play Store? Thanks for the help. BR Seb84Views0likes2CommentsWork profile on S25 Ultra
Just bought a Galaxy S25 Ultra a few weeks ago and unfortunately I'm not able to create a work profile with MS Intune. I've tried all workarounds that I found on Reddit and Samsung community (https://us.community.samsung.com/t5/Galaxy-S25/New-S25-Ultra-Unable-to-setup-work-profile-using-company-portal/td-p/3126410/page/29). I think that this can be related to some Android Enterprise support because I could not find any reference of the models when searching for it. Does anyone else are having issues when trying to create a work profile on S25 series?289Views1like5CommentsCan't open Samsung tablet default camera from the EMM application.
I have a EMM application where I want to configure the profile with some application like Play Seppo or Zoom. 1. From EMM application I have open a application like zoom or Play seppo 2. Now zoom or Play seppo need default camera [Samsung tablet camera] 3. When try to open camera application throw some error log like below Note: Also I can't open default camera app directly with the package name but others application I can. -> How can I get camera access for EMM application for secondary user and the others application? Error: Sending non-protected broadcast com.samsung.intent.action.MDE_SUGGESTION_NOTIFY from system 1207:system/1000 pkg android Is there any security issue to open camera or how can I use samsung default camera in EMM application ?Solved56Views0likes3Comments