Forum Discussion
Intune Android Enterprise - Enable Samsung System Apps
Hi All
We are currently looking at trialing intune as our MDM solution using the android Enterprise Platform. We are using samsung devices that are fully corporate owned.
After successfully enrollment Android Enterprise limits the applications but also remove core system apps such as SMS , Camera etc
I need to Enable Samsung OEM applications that were disabled by Android Enterprise
I have experience with other MDMs where remote scripts can be sent e.g
enable_system_app com.sec.android.app.camera
enable_system_app com.samsung.android.messaging
Is there a scripting function within intune to send android scripts to enable apps and functions
I can see there is a samsung knox plugin available, but Ideally we do not want to purchase additional Samsung knox licenses or subscription to enable this functionality if possible .
Any advice would be gratefully received and appreciated
Thanks
Jason
MatthewButcherMicrosoft
Hi there, King_Of_Comms
Intune unfortunately does not have the ability today to enable system apps in the Device Owner scenarios. However, you are able to modify the QR code as you mention with the settings in your post, there just a few things to consider when doing this:
- This is outside of the Intune code path, so we have no control over it. I would recommend testing to see if you are ok with the behavior you can observe.
- Once the apps are enabled, they cannot be disabled unless the device is reset.
Hi MatthewButcher,
i've tried to add the following code to my qr code but this has no effect.
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true
Are you able to help?
- MatthewButcher
Hi markusrathke,
This option will perform the following:
- It enables all system applications specific to that OEM and it is not knowable until the device is provisioned
- Once they are enabled, they cannot be disabled a la carte or in bulk until the device is factory reset
As this is outside of the Intune code base, unfortunately the only direction I can give you if you are experiencing issues would be to work with the OEM and or Google.
- Thanks for your Swift reply and advise, most appreciated , I will definitely give this a try as drawing blanks elsewhere, can you advise or recommend whats best to edit the qr code
not had much experiencing in doing that before but want to learn as im sure its relativity straight forward, just conscious 3rd party tools may be unsecure and inject other lines etc into the code
King_Of_CommsHi, I have managed to get this to work by editing the QR code to include a line
You need to add the Bold Text below.
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true
- Do you add this line to to the advance rule box within dynamic membership rules ?
ive tried adding the code to my rule and intune errors
"Failed to save dynamic group. Dynamic membership rule validation error: Invalid characters found in the rule.Invalid characters found in the rule: :
heres the rule i attempted to use
(device.enrollmentProfileName -match "AFW CO - SU")
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true
anything immediately obvious in my syntax that would cause an error? I have attempedt with open/close brackets and removing the quotations but no joy so farKing_Of_CommsI am not sure where this dynamic membership error is coming. But you need to use a converter/tool to convert the Intune console QR code to text mode. Then you append the following to your converted text:
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": true
After this you convert the new text back to QR code and distribute it internally for the enrollment purposes.
kingyjk this advise actually works!
I've managed to retain the Samsung Enterprise Applications within' the phone upon enrollment. Just have to add the lines once you get the QR token code. Example below.
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "TOKEN HERE"
},"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": true}
Hope this will help future enrollments!
HI all
just wonder where to DL the qr code in the intune tune console . i can obviously see the qr token but i can't see an option to save/dl.
also wondered what software you guys are using to edit your qr codes and how
Thanks
ok worked out how to dl , just need a few tips on editing the code and injecting the script
I wrote a super quick WinForms application to capture and re-generate the QR code with the 'All system apps' enabled. Was tired of doing this manually.
https://github.com/expired00/AndroidEnterpriseQRCodeModifier/releases
How-to is located in the wiki.
