Support Tip: New Google-based Compliance Screens for Kiosk Mode

Published Feb 12 2021 12:25 PM 2,845 Views

We now support the use of Google’s compliance screens on Android Enterprise dedicated devices that leverage kiosk mode. As a result, you can now configure a password policy and ensure that your end-users will be guided down a path to enforce said policy. The screens will get invoked if you configure a password policy in device configuration and/or device compliance. That experience would look something like this (this example is a password policy requiring 4 digits): 

 

Password policy experience requiring 4 digitsPassword policy experience requiring 4 digits

 

Below are other screens your users may see, depending on what compliance policies you have applied to their devices. We will update as more screens get introduced.

 

Minimum OS level

Minimum OS level user experienceMinimum OS level user experience

 

Set a new screen lock

Set a new screen lock user experienceSet a new screen lock user experience

 

A couple of things to note about this feature:

  • The 9 days until wipe that shows in the screens is the default behavior of the Google compliance screen if the device is non-compliant with the policies that have been configured in console. So, even if you said in Intune to “mark device as non-compliant but not wipe it” the end-user will see this screen and their device would get wiped after 9 days if they remain non-compliant.

  • On some Android devices running OS 10 or lower, encryption can’t be enforced unless the device also has a passcode. For these devices, if you require encryption for compliance but don’t set a policy for device password, the user won’t have a great remediation path for gaining compliance and their device will be at risk of wipe.

 

Learn more about Android Enterprise device password restrictions here.

 

Let us know if you have any questions by commenting on this post or reaching out to @IntuneSuppTeam on Twitter.

 

Post updates:

  • 2/16: Added a couple of things to note about this feature.
  • 7/26: Updated post to reflect the functionality’s availability on all dedicated devices running kiosk mode.
%3CLINGO-SUB%20id%3D%22lingo-sub-2129719%22%20slang%3D%22en-US%22%3ESupport%20Tip%3A%20New%20Google-based%20Compliance%20Screens%20for%20Kiosk%20Mode%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2129719%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20now%20support%20the%20use%20of%20Google%E2%80%99s%20compliance%20screens%20on%20Android%20Enterprise%20dedicated%20devices%20that%20leverage%20kiosk%20mode.%20As%20a%20result%2C%20you%20can%20now%20configure%20a%20password%20policy%20and%20ensure%20that%20your%20end-users%20will%20be%20guided%20down%20a%20path%20to%20enforce%20said%20policy.%20The%20screens%20will%20get%20invoked%20if%20you%20configure%20a%20password%20policy%20in%20device%20configuration%20and%2For%20device%20compliance.%20That%20experience%20would%20look%20something%20like%20this%20(this%20example%20is%20a%20password%20policy%20requiring%204%20digits)%3A%E2%80%AF%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%2220210212_200549024_iOS.gif%22%20style%3D%22width%3A%20190px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F254572iEF16891626C4DDAC%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%2220210212_200549024_iOS.gif%22%20alt%3D%22Password%20policy%20experience%20requiring%204%20digits%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EPassword%20policy%20experience%20requiring%204%20digits%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBelow%20are%20other%20screens%20your%20users%20may%20see%2C%20depending%20on%20what%20compliance%20policies%20you%20have%20applied%20to%20their%20devices.%20We%20will%20update%20as%20more%20screens%20get%20introduced.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1971175339%22%20id%3D%22toc-hId-1971175315%22%3EMinimum%20OS%20level%3C%2FH3%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Minimum%20OS%20level.png%22%20style%3D%22width%3A%20212px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F254574iB0E9F2722DFF5705%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Minimum%20OS%20level.png%22%20alt%3D%22Minimum%20OS%20level%20user%20experience%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EMinimum%20OS%20level%20user%20experience%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-163720876%22%20id%3D%22toc-hId-163720852%22%3ESet%20a%20new%20screen%20lock%3C%2FH3%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Set%20a%20new%20screen%20lock.png%22%20style%3D%22width%3A%20204px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F254576i80E46D7B7771F829%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Set%20a%20new%20screen%20lock.png%22%20alt%3D%22Set%20a%20new%20screen%20lock%20user%20experience%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ESet%20a%20new%20screen%20lock%20user%20experience%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EA%20couple%20of%20things%20to%20note%20about%20this%20feature%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EThe%209%20days%20until%20wipe%20that%20shows%20in%20the%20screens%20is%20the%20default%20behavior%20of%20the%20Google%20compliance%20screen%20if%20the%20device%20is%20non-compliant%20with%20the%20policies%20that%20have%20been%20configured%20in%20console.%20So%2C%20even%20if%20you%20said%20in%20Intune%20to%20%E2%80%9Cmark%20device%20as%20non-compliant%20but%20not%20wipe%20it%E2%80%9D%20the%20end-user%20will%20see%20this%20screen%20and%20their%20device%20would%20get%20wiped%20after%209%20days%20if%20they%20remain%20non-compliant.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3CLI%3EOn%20some%20Android%20devices%20running%20OS%2010%20or%20lower%2C%20encryption%20can%E2%80%99t%20be%20enforced%20unless%20the%20device%20also%20has%20a%20passcode.%20For%20these%20devices%2C%20if%20you%20require%20encryption%20for%20compliance%20but%20don%E2%80%99t%20set%20a%20policy%20for%20device%20password%2C%20the%20user%20won%E2%80%99t%20have%20a%20great%20remediation%20path%20for%20gaining%20compliance%20and%20their%20device%20will%20be%20at%20risk%20of%20wipe.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELearn%20more%20about%20Android%20Enterprise%20device%20password%20restrictions%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fconfiguration%2Fdevice-restrictions-android-for-work%23fully-managed-dedicated-and-corporate-owned-work-profile-devices-1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELet%20us%20know%20if%20you%20have%20any%20questions%20by%20commenting%20on%20this%20post%20or%20reaching%20out%20to%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FIntuneSuppTeam%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%40IntuneSuppTeam%3C%2FA%3E%20on%20Twitter.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPost%20updates%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E2%2F16%3A%20Added%20a%26nbsp%3Bcouple%20of%20things%20to%20note%20about%20this%20feature.%3C%2FLI%3E%0A%3CLI%3E7%2F26%3A%20Updated%26nbsp%3Bpost%20to%20reflect%20the%20functionality%E2%80%99s%20availability%20on%20all%20dedicated%20devices%20running%20kiosk%20mode.%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2129719%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20Endpoint%20Manager%26nbsp%3B%3CSPAN%20class%3D%22TextRun%20%20BCX8%20SCXW19042603%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20%20BCX8%20SCXW19042603%22%20data-ccp-parastyle%3D%22Normal%20(Web)%22%3Enow%20supports%20the%20use%20of%20Google%E2%80%99s%20compliance%20screens%20on%20Android%20Enterprise%20dedicated%20devices%20that%20leverage%20kiosk%20mode!%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2129719%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAndroid%20Enterprise%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EKiosk%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Endpoint%20Manager%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Jul 26 2021 01:43 PM
Updated by: