07-08-2019 12:52 AM
07-08-2019 12:52 AM
We are currently looking at trialing intune as our MDM solution using the android Enterprise Platform. We are using samsung devices that are fully corporate owned.
After successfully enrollment Android Enterprise limits the applications but also remove core system apps such as SMS , Camera etc
I need to Enable Samsung OEM applications that were disabled by Android Enterprise
I have experience with other MDMs where remote scripts can be sent e.g
Is there a scripting function within intune to send android scripts to enable apps and functions
I can see there is a samsung knox plugin available, but Ideally we do not want to purchase additional Samsung knox licenses or subscription to enable this functionality if possible .
Any advice would be gratefully received and appreciated
07-09-2019 09:54 AM
Hi there, @King_Of_Comms
Intune unfortunately does not have the ability today to enable system apps in the Device Owner scenarios. However, you are able to modify the QR code as you mention with the settings in your post, there just a few things to consider when doing this:
07-11-2019 09:51 AM
Hi @Matthew Butcher,
i've tried to add the following code to my qr code but this has no effect.
Are you able to help?
07-11-2019 09:56 AM
This option will perform the following:
As this is outside of the Intune code base, unfortunately the only direction I can give you if you are experiencing issues would be to work with the OEM and or Google.
07-11-2019 12:41 PM
Read the comments under this disccussion
It is discussed in the comments.
Or use Samsung Knox Mobile Enrollment where you have the option to leave the apps enabled when enrolling in to Intune.
07-11-2019 11:29 PM
07-11-2019 11:41 PM
@markusrathke Good luck :)
Samsung KME is pretty simple: https://www.inthecloud247.com/setup-samsung-knox-mobile-enrollment-to-enroll-android-devices-in-micr...
07-12-2019 06:36 AM
@King_Of_CommsHi, I have managed to get this to work by editing the QR code to include a line
You need to add the Bold Text below.
07-14-2019 11:18 PM
07-14-2019 11:21 PM
07-21-2019 11:59 PM
just wonder where to DL the qr code in the intune tune console . i can obviously see the qr token but i can't see an option to save/dl.
also wondered what software you guys are using to edit your qr codes and how
07-22-2019 12:16 AM - edited 07-22-2019 12:16 AM
ok worked out how to dl , just need a few tips on editing the code and injecting the script
07-22-2019 01:03 AM
07-23-2019 03:47 AM
@King_Of_CommsI am not sure where this dynamic membership error is coming. But you need to use a converter/tool to convert the Intune console QR code to text mode. Then you append the following to your converted text:
After this you convert the new text back to QR code and distribute it internally for the enrollment purposes.
08-08-2019 08:28 AM
I added the line:
to the end of the text and converted it back to a QR Code. When I try to scan the code to enrol a Samsung mobile I see the following message:
Cannot create work profile
The security policy prevents the creation of a managed device because a custom OS is or has been installed on this device.
Would anyone have any thoughts? We have blocked "Rooted devices" on our Android Device Policy.
08-16-2019 08:53 AM
@Jim Rorrisonsorry for the late response!
This problem sounds unrelated to the customized QR code; does the enrollment work properly with the default QR code?
08-20-2019 03:48 AM
@Joni_Nieminen Hi Joni,
My fault, got the syntax wrong when adding the line to the QR Code. I have corrected and tested on a Samsung Galaxy a20. Seemed to work fine and left behind required apps such as Text Messaging and Camera. A couple of pre-installed Samsung apps (Netflix) also got through but not many.
Our normal enrolement QR Code works fine with other brands - tested on Nokia and Huawei.
Great solution, saves going down the Samsung Knox route.
08-29-2019 07:56 AM
08-29-2019 08:08 AM
The original code generated ends with }}. I put the line ,"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": true - in between the two }}. Needs the comma at the start straight after the first of the two}.
Hope this helps, seems to leave Camera and Text apps plus some others which do not work anyway (such as Netflix).
08-29-2019 08:57 AM
09-02-2019 01:46 AM - edited 09-02-2019 01:47 AM
09-02-2019 06:22 AM
Have a look at https://docs.microsoft.com/en-us/intune/in-development#device-management
Something is in development for system apps:
System apps will be supported on Android Enterprise devices. In Intune, you will add an Android Enterprise system app by selecting Client apps > Apps > Add. In the App type list, select Android Enterprise system app.
09-02-2019 07:29 AM
09-02-2019 07:54 AM
@LewisTaylor No idea.
Usually there are multiple updates during a month for Intune as you can see here https://docs.microsoft.com/en-us/intune/whats-new
But it is unknown when a specific update is released. And if there might be an issue with a new feature, it could also mean it is delayed. So we can just wait and see if it shows up in de portal.
09-23-2019 10:33 AM
I wrote a super quick WinForms application to capture and re-generate the QR code with the 'All system apps' enabled. Was tired of doing this manually.
How-to is located in the wiki.
09-23-2019 11:05 AM
@LewisTaylor it`s available, here are the steps to enable the system apps https://www.inthecloud247.com/how-to-add-android-enterprise-system-apps-with-microsoft-intune/
10-02-2019 06:35 AM
@Peter Klapwijksince Fully Managed is now GA you can do this via apps rather than modifying the QR code! See https://docs.microsoft.com/en-us/intune/apps/apps-ae-system