Forum Discussion
Solved
Regarding the Android App settings issue
Hi All,
Regarding the issue of Azure Android App settings, we have set Android to enroll in Android Enterprise corporate owned dedicated devices (COSU) mode. I have two questions:
1. In this mode, can I restrict App data or maill attachments be downloaded to mobile devices?
2. Can I restrict updates for each apps or a specific app?
Thanks
- Hi,
1. Regarding the first question this is not dependent on the Android Enterprise Mode. There are ways to block downloads you can use Microsoft Defender for Cloud apps ( https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad ) to accomplish this for most apps that make use of Conditional Access. Use session policies: https://learn.microsoft.com/en-us/defender-cloud-apps/session-policy-aad . For other apps that access other resources you have to consult that particular solution to see if there are solutions.
2. You can postpone apps for up top 90 days and you can configure this per app. See a walkthrough here: https://www.anoopcnair.com/app-update-priority-managed-google-play-intune/
There are also ways to do this for some device vendors, mostly through the OEMConfig (https://learn.microsoft.com/nl-nl/mem/intune/configuration/android-oem-configuration-overview) for example Samsung's Knox Service Plugin (Samsung's OEMConfig solution) you are able to postpone app updates indefinitely.
1 Reply
- Hi,
1. Regarding the first question this is not dependent on the Android Enterprise Mode. There are ways to block downloads you can use Microsoft Defender for Cloud apps ( https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad ) to accomplish this for most apps that make use of Conditional Access. Use session policies: https://learn.microsoft.com/en-us/defender-cloud-apps/session-policy-aad . For other apps that access other resources you have to consult that particular solution to see if there are solutions.
2. You can postpone apps for up top 90 days and you can configure this per app. See a walkthrough here: https://www.anoopcnair.com/app-update-priority-managed-google-play-intune/
There are also ways to do this for some device vendors, mostly through the OEMConfig (https://learn.microsoft.com/nl-nl/mem/intune/configuration/android-oem-configuration-overview) for example Samsung's Knox Service Plugin (Samsung's OEMConfig solution) you are able to postpone app updates indefinitely.