Forum Discussion
Work profile cannot be created on Galaxy Tab S4
Hi,
I'm testing with Intune for several days with a Samsung Galaxy Tab S4 but I can't get my tablet to create a work profile. When I installed the Intune portal app and started registrating my device, it stopps with the error message: "Device cannot be added. Pls accept all system permission requirements" but there aren't any windows poping up to agree the samsung terms and so on.
My tablet is in the list of google enterprise devices, running on android 8.1.0 and I couldn't find any info that work profiles are not supported on this device. I activated the device enrollment restriction for Android work profiles.
Is this a bug or is my device simply not supported for work profiles?
Thanks and Regards
Alu
Aluca12
Looks like i missed the point of using fully-managed device. Based on my understanding, you can't have fully managed device and work-profile on the same device.
https://docs.microsoft.com/en-gb/intune/android-fully-managed-enrollWhen using these preview features, keep the following in mind:
- Use of the Intune Company Portal app isn't supported on Android Enterprise fully managed devices.
Hi Aluca12
Do you have an alternative platform or tenant to test with? (validate if this is a config or device issue)
Note: you can test it here https://enterprise.google.com/android/experience with a valid gmail account (this account can not be bound to a current EMM)
If the above did not enrol then try the following;
Reset the device, attempt to enrol and gather an adb bugreport
https://developer.android.com/studio/debug/bug-report#bugreportadb
Logs will be lengthy, however will likely contain important troubleshooting information.
Then log a job with support.
,Andrew
- Hey Andrew,
thanks for your help, I could enroll with this demo and a work profile was successfully created without any errors.
It's good to know but I'm very curious why it isn't working when enroll with the intune portal app. Besides the option under device enrollment restrictions I can't see any other switch or button which seems related to work profile settings.
Do you have anything in mind?
I will also try this bugreport in the next days.
Tahnks and have a nice sunday.
Julian- Good to hear the device is working, as for the Intune setting there is not a whole lot to configure to get started.
Check the following;
- Managed Google Play is setup
- Users are licences to enrol
- Enrollment restrictions, start with just the default rule with;
Android = Block
Android for work = Allow
If you have any additional rules they may be causing a conflict.
,Andrew
- That is defientely not an issue with device, because i have few of them working in my tenant, so please review enrolment settings.
Hi,
I checked my tenant again but I still can't get it working.
My test user has M365 Business and EMS E5 licenses added, managed Google Play is setup, the intune portal app is approved in Google Play and I configured the device registration restrictions to Android=blocked, Android Work Profile=Allowed but still I get the same errors during enrollment via app:
"Work Profile can not be added. Work profile can not be added to this device. Please contact your Administrator."and
"Device could not be added. To manage your device, you need to approve all system permissions".
To clarify my procedure, I enroll my tablet with the fully managed QR-Code token and as soon as the intune portal app is installed, I try enrolling it with the work profile where the error messages mentioned appear.
I enabled the developer options on my device and could find 2 suspicious entries in the log file:
...
com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver:..
userRestrictions:
no_add_managed_profile
defaultEnabledRestrictionsAlreadySet={no_add_managed_profile}..
It seems that either the user itself has no permissions for creating a work profile or the device was given a false setting.
May I ask which enrollment path you use for your devices Alexander Vanyurikhin ?
Kind Regards
Julian
Aluca12
Looks like i missed the point of using fully-managed device. Based on my understanding, you can't have fully managed device and work-profile on the same device.
https://docs.microsoft.com/en-gb/intune/android-fully-managed-enrollWhen using these preview features, keep the following in mind:
- Use of the Intune Company Portal app isn't supported on Android Enterprise fully managed devices.
