Forum Discussion
Android 15 - CredentialProviderPolicy not surfaced by Intune
I have been having an issue with Android 15 devices. We use Authenticator as our password autofill provider. As soon as a device is updated from Android 14 to Android 15, the password autofill provider is no longer set and the setting to change it is 'blocked by work policy.' I have already tried removing all policies that apply to the devices (device config and device compliance policies) and factory resetting them. Simply having them enrolled as corporate owned fully managed devices causes this to happen.
I raised the issue in the Android Enterprise community blog. A link to that is included below. Someone on that thread found that there is a policy in Android 14/15 called the credentialproviderpolicy. When that policy is blocked or unconfigured, this behavior happens. I cannot find anywhere in Intune where I can set this policy. It seems that it is allowed by default when managing Android 14 with Intune, but not set or blocked when the device switches to Android 15.
Is there any way to specifically set a policy that is not reflected in the Intune UI? This is a blocker for being able to move more phones to Android 15.
Link to Android Enterprise thread: https://www.androidenterprise.community/t5/admin-discussions/android-15-cannot-set-default-password-app/m-p/8827#M2105
Thanks,
Tom
31 Replies
Can confirm, I was able to enable Keeper as a credential provider, then pretty quickly update that on my phone.
Great news guys, there is finally a solution! What's new in Microsoft Intune - Microsoft Intune | Microsoft Learn See the release notes of the 27th of april:
Configure credential manager permissions for Android Enterprise devices
Just tested this out, and for me it works :)This is finally resolved!
Device configuration
Configure credential manager permissions for Android Enterprise devices
You can now control which applications act as system-level credential providers on managed Android Enterprise devices running Android 14 and higher. Credential providers are responsible for password autofill and passkey storage.
To configure credential manager permissions, go to Apps > Android > Configuration > Managed Devices and choose Android Enterprise as the platform type.
By default, Android blocks third-party credential providers on managed devices. This configuration setting lets you:
Allow specific apps (such as Microsoft Authenticator or a third-party password manager) to act as credential providers
Enable passkey-based sign-in across managed Android Enterprise devices
Maintain control over which credential sources are trusted on corporate devices
A known limitation is that Google Password Manager can't act as a credential provider on corporate-owned work profile or personally owned work profile devices. It is blocked on the end user's device. Use a different credential app as a workaround.
For more information, see Add app configuration policies for managed Android Enterprise devices.
Applies to:
Android fully managed devices (COBO)
Android dedicated devices (COSU)
Android corporate-owned devices with a work profile (COPE)
Android personally owned devices with a work profile (BYOD) using Android Management API (AM API)
You can use Google Password Manager by creating an App Configuration Policy with com.google.android.gms as the CredentialProvider.
Seems like Microsoft has at least added the topic to their Intune "In development" page, but there is no timeline yet 😣
https://learn.microsoft.com/en-us/intune/whats-new/in-development#configure-credential-manager-permissions-for-android-enterprise-devices
In my Intune system, CredentialProviderPolicy is now available in the App Configuration Policy.
Well, we’ve been waiting a long time for a solution from Microsoft.
Since Microsoft is now pushing for the adoption of passkeys (phishing-resistant MFA), we are more compelled than ever to address this issue. If there isn’t a solution to configure the CredentialProviderPolicy soon, we’ll be left with only two options:
1. Switch completely away from Intune to another MDM
2. Switch all business phones to iPhone
Either will be pain
Still no updates? Google claims the ball is Microsoft's court. https://issuetracker.google.com/issues/385775377?pli=1
This is completely insane. It drives everyone up the wall to have to manually copy and paste passwords. Users have gotten so mad that we were forced to reconfigure devices not to use work profiles.
Microslop is an AI driven dumpster fire.
Still a problem. Any update?
This has obviously not happened by the end of 2025. Is there any update? We are at the point where we are considering moving from Microsoft to Google.
It would be nice if Microsoft published something regarding their effort on this.
