Forum Discussion

AhmedLS's avatar
AhmedLS
Copper Contributor
Apr 17, 2024
Solved

auto grant location permissions for Intune Android application

Hi All, I am trying to enable locate device for android devices but this requires enabling locations services for Intune android app on work profile. we running android enterprise. when i try to cr...
application configuration policy
  • tobiassandberg's avatar
    tobiassandberg
    May 05, 2024

    Thanks AhmedLS. If we look at the documentation for the platforms that support the Locate device capability, we can read this:

    Android Enterprise – Applicable to dedicated devices, fully-managed, and corporate-owned work profile devices. Requires the device to run Google Play Services version 20.06.16 or later and have Location services turned on and "Google Location Accuracy" enabled. The "Google Location Accuracy" setting can be found under Settings > Location > Location Services. Corporate-owned work profile devices running Android 12 or above require the end user to grant Intune app location permission by going to Settings > Apps > Intune (in the Work tab) > Permissions > Location > Allow all the time.

    https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-locate?WT.mc_id=EM-MVP-5001447#supported-platforms)

    So unfortunately, it does seem like this step has to been done manually by the user for the Corporate-owned devices with work profile (COPE) enrollment method. The example pictures on the blog post was from a fully managed (COBO) device where it probably works different.

     

tobiassandberg's avatar
tobiassandberg
Iron Contributor
May 05, 2024

Thanks AhmedLS. If we look at the documentation for the platforms that support the Locate device capability, we can read this:

Android Enterprise – Applicable to dedicated devices, fully-managed, and corporate-owned work profile devices. Requires the device to run Google Play Services version 20.06.16 or later and have Location services turned on and "Google Location Accuracy" enabled. The "Google Location Accuracy" setting can be found under Settings > Location > Location Services. Corporate-owned work profile devices running Android 12 or above require the end user to grant Intune app location permission by going to Settings > Apps > Intune (in the Work tab) > Permissions > Location > Allow all the time.

https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-locate?WT.mc_id=EM-MVP-5001447#supported-platforms)

So unfortunately, it does seem like this step has to been done manually by the user for the Corporate-owned devices with work profile (COPE) enrollment method. The example pictures on the blog post was from a fully managed (COBO) device where it probably works different.

 

PH-AaronHall's avatar
PH-AaronHall
Brass Contributor
Jul 23, 2024

tobiassandberg While 100% correct, this has got to be one of the dumbest designs I've seen, and I can't fathom a reason why it makes sense to work this way. It is still, by definition, a corporate owned device and the company maintains the rights to enable this function. How would a company communicate the need to do such a thing to users and reasonably expect them to follow through with it? Spoiler Alert: It'll never happen. Then when the user loses the phone, there's no recourse for IT to do anything but wipe it and replace it... even if it turns out to be stuck between a couch cushion at the user's home.

 

I really wish Microsoft had employees who actually cared enough to use the gray matter between their ears when engineering this stuff.

Resources