Apr 17 2024 01:39 PM
Hi All,
I am trying to enable locate device for android devices but this requires enabling locations services for Intune android app on work profile. we running android enterprise.
when i try to create an application configuration policy the only application that i cannot find is Intune application.
i choose new application configuration policy then "Managed Devices". i fill in the info but when trying to select intune it doesnt show up.
help will be greatly appreciated
KR
May 04 2024 11:24 PM - edited May 04 2024 11:25 PM
Hi @AhmedLS, there have been some changes lately which are described well in this post. Please read and see if that helps you.
https://www.petervanderwoude.nl/post/remotely-locating-corporate-owned-android-enterprise-devices/
May 05 2024 01:43 AM
May 05 2024 05:30 AM
@AhmedLS thanks for the explanation.
Maybe I'm not understanding your problem correct, but are you unable to get the Location permission for the Intune app to be set to [X] Allow all the time?
Which type of Android enrollment are you using in this case?
May 05 2024 05:47 AM
May 05 2024 06:05 AM - edited May 05 2024 06:05 AM
@AhmedLSthanks, I understand that you cannot create an App Configuration Policy for it, but as far as I am aware, you would not have to do that in order for it to work.
But for me to understand exactly, I would like to know which of the following Android Enterprise enrollment methods you are using? (since the availability of remotely locating the device depends on the Android Enterprise deployment method)
May 05 2024 07:08 AM
May 05 2024 07:24 AM
SolutionThanks @AhmedLS. If we look at the documentation for the platforms that support the Locate device capability, we can read this:
Android Enterprise – Applicable to dedicated devices, fully-managed, and corporate-owned work profile devices. Requires the device to run Google Play Services version 20.06.16 or later and have Location services turned on and "Google Location Accuracy" enabled. The "Google Location Accuracy" setting can be found under Settings > Location > Location Services. Corporate-owned work profile devices running Android 12 or above require the end user to grant Intune app location permission by going to Settings > Apps > Intune (in the Work tab) > Permissions > Location > Allow all the time.
https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-locate?WT.mc_id=EM-MVP-5001447#su...)
So unfortunately, it does seem like this step has to been done manually by the user for the Corporate-owned devices with work profile (COPE) enrollment method. The example pictures on the blog post was from a fully managed (COBO) device where it probably works different.
May 05 2024 07:29 AM
May 05 2024 08:14 AM
Jul 23 2024 11:15 AM
@tobiassandberg While 100% correct, this has got to be one of the dumbest designs I've seen, and I can't fathom a reason why it makes sense to work this way. It is still, by definition, a corporate owned device and the company maintains the rights to enable this function. How would a company communicate the need to do such a thing to users and reasonably expect them to follow through with it? Spoiler Alert: It'll never happen. Then when the user loses the phone, there's no recourse for IT to do anything but wipe it and replace it... even if it turns out to be stuck between a couch cushion at the user's home.
I really wish Microsoft had employees who actually cared enough to use the gray matter between their ears when engineering this stuff.
May 05 2024 07:24 AM
SolutionThanks @AhmedLS. If we look at the documentation for the platforms that support the Locate device capability, we can read this:
Android Enterprise – Applicable to dedicated devices, fully-managed, and corporate-owned work profile devices. Requires the device to run Google Play Services version 20.06.16 or later and have Location services turned on and "Google Location Accuracy" enabled. The "Google Location Accuracy" setting can be found under Settings > Location > Location Services. Corporate-owned work profile devices running Android 12 or above require the end user to grant Intune app location permission by going to Settings > Apps > Intune (in the Work tab) > Permissions > Location > Allow all the time.
https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-locate?WT.mc_id=EM-MVP-5001447#su...)
So unfortunately, it does seem like this step has to been done manually by the user for the Corporate-owned devices with work profile (COPE) enrollment method. The example pictures on the blog post was from a fully managed (COBO) device where it probably works different.