Android Fully Managed - Backup & Restore

Copper Contributor

With the requirement to factory reset mobile devices to enroll into Android enterprise (Fully managed), it is becoming increasingly more apparent that a solution to backup data on pre-factory reset devices and then restore said data onto the post-factory reset devices is needed. At the moment it appears that all restore functionality is disabled in the android fully managed solution.

 

We would have previously used Samsung's smart switch application, which is now blocked.

 

An example: -
- User currently has a legacy managed device, loaded with photos, messages and configurations.

- In order to migrate to Android fully managed, user needs to factory reset phone.

- User wants to migrate all data onto the newly managed device post factory reset, however all restore functionality is disabled in a fully managed device.

 

This case example is stopping us from progressing forward with Android fully managed.

 

Any ideas/workarounds would be greatly appreciated? - We have been trialing Samsung cloud but have found this to be relatively unreliable.

 

Thanks in advance!

25 Replies
Commenting to show support of this idea. This is something that just needs to be implemented.

This obstacle is present in Android Enterprise fully managed for Citrix XenMobile as well. This appears to be a limitation of the Android Enterprise mode, as per Samsung's support article.

 

https://support.samsungknox.com/hc/en-us/articles/360021410234-Does-Knox-Manage-support-Samsung-Back...

@ChrisH1994 I understand your point and I don't think there is a current solution for this. For photos I can recommend the Onedrive app? That might be an option?

@ChrisH1994

 

Also replying to register my interest in this topic. 

DId anyone find a solution yet - even one that required a USb connection to the PC?  

am looking for something for txt (sms) messages and call history.  Do you know if onedrive supports this ? 

@Thijs Lecomte 

@Mobiletech 

No Onedrive doesn't support this.

You have two options:

- Make sure that everything is backed up on an app specific level - calls/texts => SIM card, pictures => Onedrive

- Backup the entire phone

 

I am more a fan of the first one, as restoring an Intune enrolled phone might cause issues.

Thanks Thijs.
My requirement is a bit more complicated - I need to back from Android in its knox workspace. We then re actice with the new Android Enterprise, and I need to restore SMS and TXT to the Android Enteprise Workspace! Doe anyone know of a product or a method (even usb cabled ) that can achieve this ?

Thanks

@Mobiletech 

 

I've set up Samsung Smart Switch for being able to do this on "Fully Managed" devices. The trick for me was to create an app configuration policy for Samsung Smart Switch that allows this. But it seems to be able to backup everything. So please consult your security and compliance policies to see if it violates against this. 

@ChrisH1994 @Mobiletech 

We have been able to use the Samsung Cloud app to do the backup and restore on the Android Fully Managed devices. We did the following:

 

  • Create and add a Samsung account on the device
  • When the account is added you should be able to sign in to the Samsung cloud app.
  • Within the app you can configure the backup and restore
  • Within the settings of the app you need to tick a box to make the icon visible

We use this for now as workaround until the integrated backup and restore becomes available.

 

regards,

 

Jeroen Dijkman

Hi @Klaus Østergren Nielsen ,

 

Could you explain how did you do this please? Because I try do do it but doesn't work.

Did you apply your configuration to a group of devices or to a group of users please?

What we did doesn't seems to work.

I join what we did.

Hi @JeroenDijkman ,

 

When you run the configuration of devices in fully manage, did you keep Samsung  oem apps (calendar, gallery...) please ? Because we don't (the default in Intune) and I can't find Samsung Cloud. I can add a Samsung account on accounts but I don't have Samsung cloud in menu.

@Klaus Østergren Nielsen I'm testing this out and I find when restoring with Smart Switch, Home Screen and Settings are unable to be restored (see image below).  Is this the same behavior in your experience?  The same backup in my example, when restoring to the device in unmanaged state, can restore both Home Screen and Settings.

Restoring to fully managed:

Samsung Smartswitch restore capabilities (fully managed)-2.png

Restoring to the same device (but in unmanaged state), you can see behind the popup that both Home screen and Settings are selected / restorable:

Samsung Smartswitch restore capabilities.png

@Jeremy Bradshaw 

Hi,

 

Could you explain the configuration that you done in Intune to give the possibility to run Smart switch please?
Now we can run smart switch but impossible to link 2 phones and impossible to run the desktop application. I have the error link. Sorry it's in french.

 

 

@MichaelOliv I have only tested with the desktop software option (haven't tested with device-to-device direct/cable connection, or with Samsung Cloud).  I DID face the same error message you shared with the desktop app stating the device is Knox/MDM managed and so can't be connected to.

 

I had initially only approved the Samsung Smart Switch app in the Managed Google Play store, so it showed up in my Intune list of Android apps, but I didn't assign it.  The reason I didn't assign it is that the desktop app had already successfully installed (or enabled) Smart Switch on my Android device, so I figured that was good enough.  So in this state, I created an App Configuration Profile for Android Enterprise Fully Managed, Dedicated and COPE devices, of type "Managed Device", and with the selected app being the Managed Play Store Samsung Smart Switch, and the setting set to True for allowing it to run.  In this state, I would get the same error message you shared.

 

I had a hunch the problem was with the app on the device, so I then tried just assigning the app from Intune.  This alone didn't help at all.  I did notice the notification on my device saying MDM was installing a required app, but I watched and didn't see any change with the already-installed app.  So then I decided to assign the app as "Uninstall" from Intune, wait for it to uninstall from the device, then reassign as "Required".  After this, it started working.

 

So the recipe for success is this:

  1. Don't have Samsung Smart Switch installed on the device in advance.
  2. Approve the app in Managed Play Store, and assign it to the necessary users or devices in Intune.
  3. Use an App Configuration Profile of type "Managed Device", selecting the Managed Play Store app from step 2, and set the single setting of allowed to run = true.

 

Hopefully that does it for you too.  FYI, the restore test's results are below:

 

  • Failed to restore my phone call history
  • Successfully restored my text messages (Samsung's 'Message's app is all I tested)
  • Successfully restored/installed my apps (my Device Restrictions Configuration policy is currently set to "Allow access to all apps in Google Play store" = Allow)
  • Didn't restore any apps' settings.
  • Successfully restored files/photos.

I'm going to keep testing for a while to get familiar with what should/shouldn't work, as I'm working towards a good sized rollout of MDM-enrolling (via Knox KME) existing devices.  So need to prepare a backup/restore plan users can follow.

@Jeremy Bradshaw 

Thanks for your detail answer.

 

For me is still not work.

 

I tried to:

Uninstall smart switch

Create a new app configuration

Install smart switch

 

But when I run smart switch on phone and approve asks for authorisation, I have this:

Screenshot_20210126-155602_Smart Switch.jpg

 

This is my app configuration:

 
 

app configuration.png

I tried with pc application, same error like in my previous post. It seems that I have something else that block but I don't know what.

@MichaelOliv I do remember one other thing I've done.  In my Device Restrictions device configuration profile, I set USB Storage to Allow (under the section General > Fully managed and dedicated devices).  I noticed that for that setting, Not configured translates to Blocked.  Also in General > Fully managed, dedicated, and corporate-owned work profile devices, I have left USB file transfer as Not configured, which translated to Allow.

@Jeremy Bradshaw 

Thanks.

I tried the USB storage but same things.

 

This is my configuration:

config 1.png

config 2.png

@MichaelOliv just wondering, if you look at your device in Endpoint Manager, do the Smart Switch app config policy and the device restrictions config policy both show as "Succeeded"?  I ask because during the period when I wasn't assigning the app, only the app configuration profile, my app config. profile was stuck at "Pending".  It was only after I did the whole assign as uninstall, then required, that it finally applied.

 

If possible, you might have better luck if you unassign any policies from the device, then just apply the very bare minimum for compliance/device restrictions, and then the Smart Switch Managed Play Store app, and app config policy.  If you can get that working, then start adding things back one at a time, you might find something that has been getting in the way.

@Jeremy Bradshaw @MichaelOliv : I am sorry for the late reply in this thread. The customer for whom I have set it up use it to migrate from phone to phone. And it is only used for Samsung mobiles / tablets. But it does the job and uses the app configuration @MichaelOliv displays in a reply above this. Hopefully these comments are useful. I will follow the thread and comment if I can provide insights.