Custom OS Error on AE Work Profile

Iron Contributor

Hi All

 

Hope you are all well.

 

Anyway, a strange one here.

 

Trying to enroll an Android 7 Samsung device via Android Enterprise Work Profile and getting an error saying:

 

Couldn't add your device. To get your device managed, you'll need to accept all the system permissions requests

and

Cannot create Work Profile. The security policy prevents the creation of a work profile because a custom OS has been installed on the device.

 

Any ideas?

 

 

 

10 Replies

It sounds like the device has been rooted. Do you have a compliance policy in place that restricts this? Device Health > Rooted devices > Block

Yes I do, but this device is not rooted, apparently.

Would anything else cause this?

Regards

@StuartK73  A custom ROM being installed would also do it.

@eglockling 

 

Interesting, any ideas on how to detect this on the device?

 

Info appreciated

@StuartK73  Since it's a Samsung device, check in Settings > About phone > Software information > Build number. You should see the model number included in the build number (eg. G930W). If you don't, it may be a custom ROM. Besides that, you may need to check other sources online for in-depth methods of detection. Best of luck!

@StuartK73 was that device enrolled before? We have seen such a message when enrolling a device not with work profile, but as fully managed devices. We found out that after removing the account from Intune and AAD it solved the issue (as it was not a new device).

@Peter Klapwijk , when you say you removed the account from AAD, was it the device you removed from the user's profile? 

@Peter Klapwijk  Can you provide an step by step of your Workaround ? 

@GandalfDonGato @J2_D2 In both Intune and AAD a device account was present, after removing both our issue was solved.
The device could be found in AAD via device or from the User properties.

I had same problem with Enterprise Enrollment on Samsung Tab S5e. The solution was to upgrade the device to latest Firmware. I had to flash with Odin-Tool. After that it worked like a charm.