Blog Post

Intune Customer Success
4 MIN READ

Known Issue: Some management settings become permanent on Android 14

Intune_Support_Team's avatar
Dec 19, 2023

Updated 4/15/24 - We have received the following updates from Google:

  • For personally-owned work profile devices:
    • Prevent app installations from unknown sources in the personal profile becoming permanent will be mitigated in the March security patch.
    • Threat scan on apps will still require a factory reset of the device to clear the settings.

 

Google recently identified two issues in Android 14 that make some management policies permanent on non-Samsung devices. When a device is upgraded from Android 13 to Android 14, certain settings are made permanent on the device. Additionally, when devices that have been upgraded to Android 14 are rebooted, other settings are made permanent on the device.

 

For example, let’s say you are managing a device with a personally-owned work profile running Android 13, with the settings Block camera and Block apps from unknown sources enabled in the management profile. When that device updates to Android 14, the camera will become permanently blocked, even if you later disable the Block camera setting in Intune. After the update to Android 14, when the device reboots, apps from unknown sources will also become permanently blocked, even if you later disable Block apps from unknown sources in Intune.

 

Due to the severity of the issue, we do not recommend updating non-Samsung devices to Android 14 at this time. On Android Enterprise devices, you can use Intune device restrictions policies to postpone system updates. For more details, see Managing system updates on Microsoft Intune managed Android Enterprise corporate devices.


Unfortunately, this is a bug at the operating system level, meaning the only way to fix it is for the device OEM to release an OS update containing patches to Android itself. Intune and other device management providers do not have control over when these patches will be available.

Issue 1: A device that has been upgraded to Android 14 is rebooted

When devices that have been upgraded to Android 14 are rebooted, certain settings are made permanent on the device. Devices that shipped with Android 14 will not be affected.


This issue currently affects devices enrolled with personally-owned work profiles.

 

Settings affected

 

Personally-owned work profile

  • Threat scan on apps
  • Block apps from unknown sources

Fully managed, Dedicated and Corporate-owned work profile
Google recently released a fix for this issue on fully managed, dedicated, and corporate-owned fully managed devices. Prior to this, the following settings could also have become permanent on devices after rebooting:

Fully managed and Dedicated:

  • Add new users
  • Allow users to enable app installation from unknown sources in the personal profile
  • Bluetooth configuration
  • Camera
  • Date and Time changes
  • Developer settings
  • External media
  • Factory reset
  • Microphone adjustment
  • System error warnings
  • Tethering and access to hotspots
  • Threat scan on apps
  • USB file transfer
  • USB storage
  • Volume changes
  • Wi-Fi access point configuration

Corporate-owned work profile:

  • Date and Time changes
  • Developer settings
  • Tethering and access to hotspots
  • Threat scan on apps
  • Wi-Fi access point configuration

 

Issue 2: A device is upgraded from Android 13 to Android 14

When a device is upgraded from Android 13 to Android 14, certain settings are made permanent on the device.

 

The following enrollment types are affected by this issue:

  • Fully managed
  • Dedicated
  • Corporate-owned work profile
  • Personally-owned work profile

 

Settings affected

 

Fully managed and Dedicated

  • Allow users to enable app installation from unknown sources in the personal profile
  • Beam data using NFC
  • Bluetooth configuration
  • User removal
  • Wi-Fi access point configuration


Corporate-owned work profile

  • Allow users to enable app installation from unknown sources in the personal profile
  • Beam data using NFC
  • Bluetooth configuration
  • Camera
  • Copy and paste between work and personal profiles
  • Developer settings
  • Roaming data services
  • Tethering and access to hotspots
  • USB file transfer
  • User removal
  • Users can configure credentials
  • Wi-Fi access point configuration

Personally-owned work profile

  • Camera (set to ‘Block’)
  • VPN (set to ‘Enabled’)
  • Copy and paste between work and personal profile
  • Prevent app installations from unknown sources in the personal profile
  • Add or remove accounts (set to ‘Block all account types’)
  • One lock for device and work profile

Next steps

Currently, the only way to clear settings that have become permanent is:

  • (Personally-owned work profile) Remove the work profile from the device.
    • Note: If configured, the settings Threat scan on apps and Block apps from unknown sources cannot be cleared by removing the work profile.
  • (All enrollment types) Factory reset the device.

 

Google is currently sharing patches with other device OEMs for these issues, which OEMs will integrate into their OS update images going forward. Device OEMs will determine if, and how, their devices will receive these fixes. When released, these OEM patches will prevent these issues in the future, but if a device has already upgraded to Android 14 and experienced the issue, any settings that have been made permanent will remain on the device.

 

We’ll continue to provide updates on this post as they’re available. If you have any questions leave a comment below or reach out to us on X @IntuneSuppTeam.

 

Post updates:

12/19/23: Updated post to clarify the affected settings under Issues 1 & 2.

04/15/24: Updated post with latest update from Google.

Updated Apr 15, 2024
Version 5.0
  • 777mebin's avatar
    777mebin
    Copper Contributor

    Seems the issue has auto-resolved.

    what can be the cause of this issue any idea?

  • Hi 777mebin and vaggar1437, thank you both for the feedback. We checked with the team, and there are no current known issues flagged on our end relating to these issues. If these issues persist, could you both please send us a message so we can discuss in further detail? Thanks!

  • vaggar1437's avatar
    vaggar1437
    Copper Contributor

    We are seeing some issue with Samsung knox S23 devices getting rebooted during the enrollment process and never completes the enrollment. Any suggestions what can be done or checked ?

  • 777mebin's avatar
    777mebin
    Copper Contributor

    Thanks for the input.

    But, here the issue is User is unable to create work profile.

     

    Thank you!

     

  • bolinder75's avatar
    bolinder75
    Copper Contributor

    We noticed after updating to android 14 that if you have managed homescreen for kiosk devices enabled and you have set a password  to exit the managed homescreen it will not let you exit.

    This issue is on Samsung devices.

  • 777mebin's avatar
    777mebin
    Copper Contributor

    Will there be issue with enrollment of company portal??There are two devices as of now one is Samsung F54 5G and Nothing Phone(2) with Android 14 OS has issues while enrolment its saying "can't add work profile"

    Can you please guide how to proceed further?We have removed accounts from Settings>>accounts but still same issue.

     

    Thank you so much