NidalT
Brass Contributor
Dec 22, 2022

Android - Corporate-owned devices with work profile - Screen lockout time

Hi,

 

I have an issue with some Android devices managed via Intune.

These devices are enrolled as "Corporate-owned devices with work profile".

Initially, the devices have been enrolled with a specific set of settings.

 

We now have a need to change the screen lock timeout of those devices to allow for different screen lock timeouts.

 

The issue is that the new settings are not applied on the devices.

We have set everything to our needs, but the new policy is just not applied.

The initial set of settings is still in effect.

Reboot, Sync, Waiting for a couple of days, etc... nothing changes the settings.

 

I have created a new enrollment profile with the desired settings as a matter of test. When enrolling new devices, these settings are correctly applied. It does what we want it to do.

However, setting these settings on devices already enrolled doesn't seem to do much.

 

We would very much like to avoid having to enroll all those devices again. Logistically it is almost impossible to get them to do that, as those particular users are not very IT-minded.

 

Does anyone have any idea on what to do here?

 

The devices with this issue are CAT phones which run on Stock Android (v12).

I have tested this with a Samsung Galaxy phone and have the exact same issue.

 

Am I missing something here?

This should be possible, right?

 

Thank you for your time.

3 Replies

  • Hi NidalT,

     

    How did you change the settings? Did you create a new policy with these settings, or did you adjust the current policy to reflect the new settings?

     

    If you created a new policy, it is important that you unassign the old policy. Otherwise, you will have conflicting policy settings and the most restrictive will win.

     

    If you updated the current policies, they should be applied to the devices during the next policy cycle, or after pressing sync on the device or the Intune portal.

     

    To troubleshoot the issue, you could go to the devices blade in the Intune portal and select one of the devices that don't get the new settings from there. Once you selected the device, you can see the policies that are assigned to it.

    • If the policy that contains the new settings doesn't show up there, you should have a look at the assignment of the policy
    • If the policy shows up, you can select the policy and see in detail which settings are applied. If the new settings are not in the list, you should check the policy again. It will also show if there's a conflict with another policy.

    Hopefully this points you in the right direction. If you have any additional questions, let me know.

     

    Regards,

    Ruud

    • NidalT
      Brass Contributor
      Hi Ruud,

      Initially I have adjusted the existing settings.
      This, however, didn't do anything.

      I have then created a new configuration profile with the desired settings.
      Excluded the devices I'm testing with from the initial configuration profile and assigned it to the new profile.
      I can clearly see that the devices have this new configuration profile applied. Not the old one. Only the new profile.
      Clicking on it shows all green checkmarks and each setting is applied.

      I obviously did sync the policies in the Intune app. But as this is already going on for weeks there is also a lot of time passed in between 🙂

      What does work though is if I wipe the device and onboard it from scratch with the same configuration profile and same policies. Here I do see the desired options in the Security settings.
      The settings are just not "unlocked" on devices that are already onboarded. The policy is exactly the same.

      I can even reproduce the issue.
      I have created a new enrollment profile, created a dynamic Azure AD group to add devices to which are onboarded with that profile.
      Set the device restriction to how I don't want it to be. (as before).
      Then, after device is onboarded I changed the same policy to my desired configuration, but nothing changes on the devices.
      If I would onboard again with the desired settings in place, the options would show correctly.

      So, as far as I can see, in the testing I've done in the last couple of weeks...
      Once onboarded and once the settings are applied, you can pretty much do whatever you want with the configuration profile (device restrictions). Nothing will be applied to the devices already onboarded.

      I have even opened a Premier Support ticket with Microsoft. They found it odd, but at the end said that they cannot guarantee that Intune will work on all Android devices.

      To me this seems like one of the most basic features that should just work.
      If this doesn't work, you basically don't have any management capabilities.
      Yes, you have the option to wipe the devices. And that's about it.

      That is why I opened this community post in hopes that someone has more experience with it than me and might push me in the right direction.
      I can't imagine that such a basic thing doesn't work.
      • RGijsbersRademakers
        Iron Contributor
        Hi Aldin,

        Hopefully someone else has some additional insights. Unfortunately, I don't have any extensive experience with CAT devices.

        Regards,
        Ruud
