Intune will end support for custom profiles for Android Enterprise personally owned work profile devices on April 1, 2025.
Years ago, before Microsoft Intune provided the many Android settings available today, Microsoft Intune introduced custom configuration profiles for Android Enterprise personally owned work profile devices. Custom profiles allow admins to configure settings that weren’t built into the Microsoft Intune admin center, leveraging Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings used by device manufacturers.
Today, admins can configure all of the settings available in custom policies for personally owned work profile devices through other policy types in the Microsoft Intune admin center. The one exception is configuration of Basic Wi-Fi profiles with a pre-shared key, which will be supported in Wi-Fi configuration profiles in the first quarter of calendar year 2025.
Because custom profiles are harder to configure, troubleshoot, and monitor, and offer no additional benefits now that equivalent settings are available in the Microsoft Intune admin center, we’re ending support for custom profiles for Android Enterprise personally owned work profile devices on April 1, 2025.
Note: This change only applies to custom profiles for Android Enterprise personally owned work profile devices and doesn’t impact custom profiles for Android device administrator devices.
How does this affect you or your users?
After Intune ends support for custom profiles for personally owned work profile devices in April 2025:
- Admins won’t be able to create new custom profiles for personally owned work profile devices. However, admins can still view and edit previously created custom profiles.
- Android Enterprise personally-owned work profile devices that currently have a custom profile assigned will not experience any immediate change of functionality. Because these profiles are no longer supported, the functionality set by these profiles may change in the future.
- Intune technical support will no longer support custom profiles for personally owned work profile devices.
How to prepare for this change
To prepare for this change, follow these steps to check if you have custom profiles for personally owned work profile devices and learn how to set up alternate policy types:
- Navigate to the Microsoft Intune admin center.
- Identify the custom policies in use in your tenant:
- Select Devices > Android > Configuration.
- Filter the Platform column by Android Enterprise to get a list of Android Enterprise policies.
- Sort the Policy type column and look for all the policies with policy type listed as Custom. (If none are found, then no action is needed.)
- Create policies with equivalent settings. See tables below for settings mapping.
- Assign the new policies to the same groups that had been assigned the custom profiles.
- Unassign all groups from the custom profiles.
- Test and confirm device behavior is unchanged, that the new profile settings fully replace functionality from the old custom profiles.
- Delete the custom profiles.
Replacements for custom settings
Below is a mapping from custom settings to the alternate settings that you should use instead.
Work profile settings
Wi-Fi settings
Custom setting |
Equivalent setting |
./Vendor/MSFT/WiFi/Profile/<SSID>/Settings
|
Create a Wi-Fi policy with your chosen Wi-Fi configurations for personally owned work profile devices. Here you will also be able to configure Wi-Fi with a preshared key when it becomes available.
|
./Vendor/MSFT/WiFi/<SSID>/Settings |
|
./Vendor/MSFT/DefenderATP/Vpn |
Create an app configuration policy for managed devices and set Targeted app to Microsoft Defender: Antivirus and then configure VPN |
VPN settings
Custom setting |
Equivalent setting |
./Vendor/MSFT/VPN/Profile/<vpn name>/PackageList
|
Create VPN profiles with your chosen VPN configuration for personally owned work profile devices
|
./Vendor/MSFT/VPN/Profile/<vpn name>/Mode
|
|
./Vendor/MSFT/DefenderATP/AntiPhishing |
Create an app configuration policy for managed devices and set Targeted app to Microsoft Defender: Antivirus and then configure Anti-Phishing. |
./Vendor/MSFT/DefenderATP/DefenderExcludeAppInReport |
Create an app configuration policy for managed devices and set Targeted app to Microsoft Defender: Antivirus and then configure Hide app details in report and Hide app details in report for personal profile. |
./Vendor/MSFT/DefenderATP/DefenderTVMPrivacyMode |
Create an app configuration policy for managed devices and set Targeted app to Microsoft Defender: Antivirus and then configure Enable TVM Privacy and Enable TVM Privacy for personal profile |
./Vendor/MSFT/DefenderATP/Vpn |
Create an app configuration policy for managed devices and set Targeted app to Microsoft Defender: Antivirus and then configure VPN |
Stay tuned to this blog for updates! If you have any questions or feedback on this change, leave a comment on this post or reach out on X @IntuneSuppteam.
Post updates
12/10/24: Minor formatting fixes.