Forum Discussion

Aragorn's avatar
Aragorn
Iron Contributor
Oct 22, 2021

Microsoft Defender for Android Company Owned Work Profile

Hi,   I'm testing Android Enterprise with company owned with work profile. Install instructions have this statement "Currently, Personally-owned devices with work profile and Corporate-owned fully ...
BenCr1985's avatar
BenCr1985
Copper Contributor
Jan 24, 2023

PaulAnton  did you get any further with this as we have a similar issue. 

  • BenCr1985's avatar
    BenCr1985
    Copper Contributor
    Jan 25, 2023

    PaulAnton 

     

    That's a shame. We tested DEFENDER with no issues internally and are now rolling out to a client and we are getting the same error despite the fact the devices should be the same as our testing ones. Go figure.

     

    Daniel Simpson  - Any update from your end at all?

    • PatrickF11's avatar
      PatrickF11
      Steel Contributor
      May 11, 2023

      Just a quick update on this:
      I've tested this today with "corporate owned - work profile" mode (COPE).
      Result: NOT Working, what a pitty. 😞
      (In my scenario i've configured the always on VPN, too, but i wasn't able to connect. Therefore there were no connectivity in the work profile at all, so no internet. (Which means: I was unable to remove the AlwaysOn VPN Config via Intune, because the lack of internet connectivity)...

      Last chance: factory reset 😄

      Because this COPE Mode is the most used one it would be so important to have DFE!

      Daniel Simpson. Any Updates on this?

      • PatrickF11's avatar
        PatrickF11
        Steel Contributor
        Dec 22, 2023
        Today I've tested a COPE Android device with Defender for Endpoint. It is working! 🙂
        What i did (long story short)

        1. Security.microsoft.com \ Settings \ Endpoints \ Advanced features: Intune Connection > ON
        2. Intune \ Tenant Administration \ Connectos and Tokens \ Microsoft Defender for Endpoint: Android enabled
        3. installed Defender App via "managed google play"
        4. App Configuration Profile for Defender App
        5. Device Configuration Profile for Always-on VPN BUT without "lockdown mode" enabled.(This breaks the whole internet in corporate profile and makes it necescary to wipe and re-enroll the device. :--D
        6. Optional: Compliance and AppProtection

        The only thing which isn't that nice is that the user needs to click through a few steps after first start of the Defender App. There seem to be a few preview settings in the app config. (e.g. "low touch onboarding", but they're not working yet. (as mentioned in this thread: https://www.reddit.com/r/DefenderATP/comments/17v5kh2/defender_on_android_work_profile_low_touch/)

Resources