Forum Discussion
auto grant location permissions for Intune Android application
Thanks AhmedLS. If we look at the documentation for the platforms that support the Locate device capability, we can read this:
Android Enterprise – Applicable to dedicated devices, fully-managed, and corporate-owned work profile devices. Requires the device to run Google Play Services version 20.06.16 or later and have Location services turned on and "Google Location Accuracy" enabled. The "Google Location Accuracy" setting can be found under Settings > Location > Location Services. Corporate-owned work profile devices running Android 12 or above require the end user to grant Intune app location permission by going to Settings > Apps > Intune (in the Work tab) > Permissions > Location > Allow all the time.https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-locate?WT.mc_id=EM-MVP-5001447#supported-platforms)
So unfortunately, it does seem like this step has to been done manually by the user for the Corporate-owned devices with work profile (COPE) enrollment method. The example pictures on the blog post was from a fully managed (COBO) device where it probably works different.
Hi AhmedLS, there have been some changes lately which are described well in this post. Please read and see if that helps you.
https://www.petervanderwoude.nl/post/remotely-locating-corporate-owned-android-enterprise-devices/
i followed the steps on that post actually and if you check the last comment you will see my name there. i ended up with a ticket to microsoft and it appears that Intune Android Application doesnt support App Configuration policy by design. not sure why it doesnt work for me yet but will keep trying to figure it out
AhmedLS thanks for the explanation.
Maybe I'm not understanding your problem correct, but are you unable to get the Location permission for the Intune app to be set to [X] Allow all the time?
Which type of Android enrollment are you using in this case?- we have the android enterpirse enrollment through Samsung Knox. i created a new profile and enabled device location as per the link you posted but when trying to locate an android device through intune it fails. when checking the device i see intune has no permissions to device location. when enabling permission to device location (all the time), locating devices through intune works. tried to create an application configuration policy to enable "Grant all the time" but by design intune android app (company portal) cannot be configured this way. so the problem is that i cannot get device location to be activated.
AhmedLSthanks, I understand that you cannot create an App Configuration Policy for it, but as far as I am aware, you would not have to do that in order for it to work.
But for me to understand exactly, I would like to know which of the following Android Enterprise enrollment methods you are using? (since the availability of remotely locating the device depends on the Android Enterprise deployment method)- Android Enterprise corporate-owned work profile (COPE)
- Android Enterprise corporate owned fully managed (COBO)
- Android Enterprise corporate owned dedicated devices (COSU)
