Forum Discussion
ChrisH1994
Sep 23, 2019Copper Contributor
Android Fully Managed - Backup & Restore
With the requirement to factory reset mobile devices to enroll into Android enterprise (Fully managed), it is becoming increasingly more apparent that a solution to backup data on pre-factory reset d...
MichaelOliv
Jan 26, 2021Iron Contributor
Hi,
Could you explain the configuration that you done in Intune to give the possibility to run Smart switch please?
Now we can run smart switch but impossible to link 2 phones and impossible to run the desktop application. I have the error link. Sorry it's in french.
JeremyTBradshaw
Jan 26, 2021Steel Contributor
MichaelOliv I have only tested with the desktop software option (haven't tested with device-to-device direct/cable connection, or with Samsung Cloud). I DID face the same error message you shared with the desktop app stating the device is Knox/MDM managed and so can't be connected to.
I had initially only approved the Samsung Smart Switch app in the Managed Google Play store, so it showed up in my Intune list of Android apps, but I didn't assign it. The reason I didn't assign it is that the desktop app had already successfully installed (or enabled) Smart Switch on my Android device, so I figured that was good enough. So in this state, I created an App Configuration Profile for Android Enterprise Fully Managed, Dedicated and COPE devices, of type "Managed Device", and with the selected app being the Managed Play Store Samsung Smart Switch, and the setting set to True for allowing it to run. In this state, I would get the same error message you shared.
I had a hunch the problem was with the app on the device, so I then tried just assigning the app from Intune. This alone didn't help at all. I did notice the notification on my device saying MDM was installing a required app, but I watched and didn't see any change with the already-installed app. So then I decided to assign the app as "Uninstall" from Intune, wait for it to uninstall from the device, then reassign as "Required". After this, it started working.
So the recipe for success is this:
- Don't have Samsung Smart Switch installed on the device in advance.
- Approve the app in Managed Play Store, and assign it to the necessary users or devices in Intune.
- Use an App Configuration Profile of type "Managed Device", selecting the Managed Play Store app from step 2, and set the single setting of allowed to run = true.
Hopefully that does it for you too. FYI, the restore test's results are below:
- Failed to restore my phone call history
- Successfully restored my text messages (Samsung's 'Message's app is all I tested)
- Successfully restored/installed my apps (my Device Restrictions Configuration policy is currently set to "Allow access to all apps in Google Play store" = Allow)
- Didn't restore any apps' settings.
- Successfully restored files/photos.
I'm going to keep testing for a while to get familiar with what should/shouldn't work, as I'm working towards a good sized rollout of MDM-enrolling (via Knox KME) existing devices. So need to prepare a backup/restore plan users can follow.
- jjgageMar 24, 2023Brass ContributorI had a ticket open for about 6 months with MS. It's gone all the way up to the top of the product team, and they have confirmed changes were made and anything below Android 11 will not now be able to backup to GMS when fullty enrolled in AE..................
"I am including the statement I received from the Product Group below:
On Android 11 the “fully managed device with a work profile” is deprecated. It is now officially called “Work profile on company-owned device.
The privacy of the personal profile is enhanced which limits the visibility of data and apps for the organization. Also, users are notified when an admin enables location services.
A major drawback of the COPE profile in pre-Android 11 versions was that it did not allow you to use Android’s backup capabilities in the personal profile.
Because this happened in the personal profile, it was not possible to adjust this through Intune since Intune only manages the work profile.
Due to the improved privacy layer in Android 11, it is now possible to use the backup facilities in the personal profile. Enrolling the COPE profile no longer results in the backup being turned off in the personal profile.
The public mentions of this were obscure/hard to find, so our Engineering team will work on our Intune official documents to include this information more clearly for our customers in the future to find this information more easily."
Mentions found were the following:
There is a Microsoft Official reply on the following announcement of COPE:
https://techcommunity.microsoft.com/t5/intune-customer-success/intune-announcing-public-preview-for-android-enterprise/ba-p/1524325
Google's official page also mentions pre-Android 11 backup not possible:
https://support.google.com/work/android/thread/87312409/backup-options-for-android-for-enterprise-devices?hl=en"
Below is a summary of the support request for your records:
Symptom: Unable to use backup services on Android Enterprise devices enrolled with COPE on Android 9 personal profile despite no app config/protection pushed to disallow it
Cause: Pre-Android 11 this is not possible
Resolution: Confirmed statement received from Product Group - jjgageDec 14, 2022Brass ContributorSomething very weird going on though.
I have two devices - a Samsung S10 running Android 12 and a Samsung T395 tablet running Android 9.
They are both setup identicial on AE using QR code.
The S10 is able to backup to Google services no problem at all.
The tablet Google backup services is greyed out.
IDENTICAL policies applying - I'm using the same email address removed for privacy reasons account on both devices..........
Go figure that. - MichaelOlivMar 25, 2021Iron ContributorHello,
It seems that the last version of Smart switch resolve or problem. Nothing change since weeks on our configuration but with last update of the app is now working. I hope it will last. - JeremyTBradshawJan 28, 2021Steel Contributor
Yes, I am working with a Fully Managed (Android Enterprise, not Device Adminstrator). I had no issues when testing while the device was unmanaged. It was only after I wiped the device and enrolled as Fully Managed that I ran into this topic at all.
- MichaelOlivJan 28, 2021Iron Contributor
Thanks for your answer and your idea of unassign policy and try.
So I tried with a phone without compliance and without a device configuration except wi-fi network. And still the same error. So I don't understand.
Next test, I tried to install the phone like a personnal phone (without flash a qr code and without install company portal). It works. So it's really problem with Android Enterprise and the intune configuration.
And finally last test, I tried to enroll a phone keeping constructor application. Don't work too.
In all my test app configuration was in succedeed.
You all try in Fully managed?
- MichaelOlivJan 28, 2021Iron Contributor
Thanks for your answer and your idea of unassign policy and try.
So I tried with a phone without compliance and without a device configuration except wi-fi network. And still the same error. So I don't understand.
Next test, I tried to install the phone like a personnal phone (without flash a qr code and without install company portal). It works. So it's really problem with Android Enterprise and the intune configuration.
And finally last test, I tried to enroll a phone keeping constructor application. Don't work too.
In all my test app configuration was in succedeed.
You all try in Fully managed?
- Klaus Østergren NielsenJan 28, 2021Copper Contributor
JeremyTBradshaw MichaelOliv : I am sorry for the late reply in this thread. The customer for whom I have set it up use it to migrate from phone to phone. And it is only used for Samsung mobiles / tablets. But it does the job and uses the app configuration MichaelOliv displays in a reply above this. Hopefully these comments are useful. I will follow the thread and comment if I can provide insights.
- JeremyTBradshawJan 28, 2021Steel Contributor
MichaelOliv just wondering, if you look at your device in Endpoint Manager, do the Smart Switch app config policy and the device restrictions config policy both show as "Succeeded"? I ask because during the period when I wasn't assigning the app, only the app configuration profile, my app config. profile was stuck at "Pending". It was only after I did the whole assign as uninstall, then required, that it finally applied.
If possible, you might have better luck if you unassign any policies from the device, then just apply the very bare minimum for compliance/device restrictions, and then the Smart Switch Managed Play Store app, and app config policy. If you can get that working, then start adding things back one at a time, you might find something that has been getting in the way.
- MichaelOlivJan 26, 2021Iron Contributor
- JeremyTBradshawJan 26, 2021Steel Contributor
MichaelOliv I do remember one other thing I've done. In my Device Restrictions device configuration profile, I set USB Storage to Allow (under the section General > Fully managed and dedicated devices). I noticed that for that setting, Not configured translates to Blocked. Also in General > Fully managed, dedicated, and corporate-owned work profile devices, I have left USB file transfer as Not configured, which translated to Allow.
- MichaelOlivJan 26, 2021Iron Contributor
Thanks for your detail answer.
For me is still not work.
I tried to:
Uninstall smart switch
Create a new app configuration
Install smart switch
But when I run smart switch on phone and approve asks for authorisation, I have this:
This is my app configuration:
I tried with pc application, same error like in my previous post. It seems that I have something else that block but I don't know what.