Updated 4/15/24 - We have received the following updates from Google:
Google recently identified two issues in Android 14 that make some management policies permanent on non-Samsung devices. When a device is upgraded from Android 13 to Android 14, certain settings are made permanent on the device. Additionally, when devices that have been upgraded to Android 14 are rebooted, other settings are made permanent on the device.
For example, let’s say you are managing a device with a personally-owned work profile running Android 13, with the settings Block camera and Block apps from unknown sources enabled in the management profile. When that device updates to Android 14, the camera will become permanently blocked, even if you later disable the Block camera setting in Intune. After the update to Android 14, when the device reboots, apps from unknown sources will also become permanently blocked, even if you later disable Block apps from unknown sources in Intune.
Due to the severity of the issue, we do not recommend updating non-Samsung devices to Android 14 at this time. On Android Enterprise devices, you can use Intune device restrictions policies to postpone system updates. For more details, see Managing system updates on Microsoft Intune managed Android Enterprise corporate devices.
Unfortunately, this is a bug at the operating system level, meaning the only way to fix it is for the device OEM to release an OS update containing patches to Android itself. Intune and other device management providers do not have control over when these patches will be available.
When devices that have been upgraded to Android 14 are rebooted, certain settings are made permanent on the device. Devices that shipped with Android 14 will not be affected.
This issue currently affects devices enrolled with personally-owned work profiles.
Personally-owned work profile
Fully managed, Dedicated and Corporate-owned work profile
Google recently released a fix for this issue on fully managed, dedicated, and corporate-owned fully managed devices. Prior to this, the following settings could also have become permanent on devices after rebooting:
Fully managed and Dedicated:
Corporate-owned work profile:
When a device is upgraded from Android 13 to Android 14, certain settings are made permanent on the device.
The following enrollment types are affected by this issue:
Fully managed and Dedicated
Corporate-owned work profile
Personally-owned work profile
Currently, the only way to clear settings that have become permanent is:
Google is currently sharing patches with other device OEMs for these issues, which OEMs will integrate into their OS update images going forward. Device OEMs will determine if, and how, their devices will receive these fixes. When released, these OEM patches will prevent these issues in the future, but if a device has already upgraded to Android 14 and experienced the issue, any settings that have been made permanent will remain on the device.
We’ll continue to provide updates on this post as they’re available. If you have any questions, leave a comment below or reach out to us on X @IntuneSuppTeam.
Post updates:
12/19/23: Updated post to clarify the affected settings under Issues 1 & 2.
04/15/24: Updated post with latest update from Google.