cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Endpoint Manager Support for Android 11
By
Intune_Support_Team
Published Sep 03 2020 12:00 PM 16.1K Views
Intune_Support_Team
Microsoft
‎Sep 03 2020 12:00 PM

Microsoft Endpoint Manager Support for Android 11

‎Sep 03 2020 12:00 PM

Android 11 was released by Google on September 8th. Both our App Protection Policy (APP) team and our Mobile Device Management (MDM) team have been testing on Android 11, and wanted to let you know what we have found. All main Intune APP and MDM scenarios are compatible with this latest version of Android, but there are some changes and best practices to be aware of, which we share in the post below.

 

Here are a few things you’ll want to know:

  • Update apps: Encourage your end users to update to the latest version of the Company Portal, Edge, and other APP-supported apps. The latest version will provide the best experience with devices running Android 11.
  • APP and Shared Datasets: Note that requiring encryption by policy will have the following effect on the Shared Datasets introduced with Android 11. If encryption policy Is not required, then Shared Dataset storage will be allowed. If encryption is required by policy, then:
    • For a single-identity app, the blob storage (Shared Dataset) commit will be allowed if the data is private to the app. Otherwise, it will be blocked.
    • For a multi-identity app, the blob storage commit will be blocked.
  • Privacy messaging: Android 11 introduces some user experience changes to increase transparency for users. User may see new messaging, such as additional notifications about app permissions granted by their organization.
  • Device administrator management: Google has been communicating their plans to decrease their support for device administrator managed devices for several years. The release of Android 11 will cause changes and reductions in management capabilities on device administrator managed devices.
    • Camera: For device administrator managed devices running Android 11 (excluding Samsung), you will no longer be able to set the device restriction to block camera use. Policies blocking camera that are applied to devices before they update to Android 11 will continue to apply.
    • Trusted root certificates: With Android 11, trusted root certificates can no longer be deployed to devices enrolled with device administrator (except on Samsung devices). Users must manually install the trusted root certificate on the device. With the trusted root certificate manually installed on a device, you can then use SCEP to provision certificates to the device. In this scenario you must still create and deploy a trusted certificate policy to the device and link that policy to the SCEP certificate profile.
      • If the trusted root certificate is on the device, then the SCEP certificate profile will install successfully.
      • If the trusted certificate cannot be found, the SCEP certificate profile will fail.
  • Reminder about October device administrator changes on Android 10 and 11: Following the release of Android 11, Google is requiring all apps to update their API targeting to at least 29. The Company Portal will be making this change in October. This will cause different and decreased manageability on device administrator devices running Android 10 and later. Impacted settings include setting password requirements, blocking camera, blocking Smart Lock and other trust agents, and a change in the Wi-Fi end user experience. Creating custom Wi-Fi profiles to include a pre-shared key (PSK) will no longer be supported. Existing devices that have the profile installed before the move to API 29, but new profiles will be unable to deploy to devices. You can read full details of the changes in the blog about decreasing support for device administrator management.

 

As with previous major Android OS updates, check mobile app compatibility with your app providers to confirm your users' apps work with Android 11. You’ll see a “What’s New for the app” in the Play Store or in-app details on an application’s website. Some apps provide Day 0 support, while others update over time. Ensure your users' managed apps that are deployed through Intune have been updated to a version that supports Android 11.

 

How Can You Reach Us?

Keep us posted on your Android 11 experience through comments on this blog post, through Twitter (@IntuneSuppTeam), and request any new features on UserVoice. We will update this post with any additional information we learn when Android 11 releases.

 

Blog post updates

9/9/20: With an update that Android 11 has been released by Google!

9/21/20: With an update to the: "Reminder about October device administrator changes on Android 10 and 11" section.

6 Comments
NateKubenik
Copper Contributor
‎Sep 03 2020 01:53 PM
‎Sep 03 2020 01:53 PM

Thanks for sharing!! 

JoseSetienMDM
Iron Contributor
‎Sep 06 2020 09:01 AM
‎Sep 06 2020 09:01 AM

I am slightly concerned about the Trusted Root Certificates situation. Will need to configure & test some new Android Device Config Profiles. :cool:

royh1809
Copper Contributor
‎Jan 21 2021 02:18 AM
‎Jan 21 2021 02:18 AM

Hello,

Some of my devices (Samsung S10e) update their OS to Android 11, since then Intune apps are crashing (Intune Adobe Reader, AIP Viewer etc.)

Do you have solution for those crashes?

Regards,

Roy 

KMalo690
Copper Contributor
‎Jan 27 2021 08:50 PM
‎Jan 27 2021 08:50 PM

Crashes for me too. 

0 Likes
Like
svinchu2619
Copper Contributor
‎Feb 22 2021 07:33 AM
‎Feb 22 2021 07:33 AM

can we add points related to Samsung Knox?

Specially this : Prepare Knox for Android 11 (samsungknox.com)

 

If you have a fully managed device with a work profile enrolled via KME, we recommend that you update your KME profile with the option, Let MDM choose to enroll as a Device Owner or Profile Owner:

 

 

If you do not update your KME profile, after the Android 11 update and a factory reset, the device will be enrolled automatically as a fully managed device (device owner) because a fully managed device with a work profile is no longer supported on Android 11.

0 Likes
Like
JenOlivier
Copper Contributor
‎Nov 04 2021 04:55 AM
‎Nov 04 2021 04:55 AM

Intune continually tells me my device (Samsung S32) does not comply with Organizational Policy. I have tried to change password, pin, code, etc. numerous times, uninstalled and reinstalled the app. Checked for updates, but still get the same error.

Is there a solution for this issue.

0 Likes
Like
Version history
Last update:
‎Dec 19 2023 01:24 PM
Updated by: