Android 15 - CredentialProviderPolicy not surfaced by Intune
I have been having an issue with Android 15 devices. We use Authenticator as our password autofill provider. As soon as a device is updated from Android 14 to Android 15, the password autofill provider is no longer set and the setting to change it is 'blocked by work policy.' I have already tried removing all policies that apply to the devices (device config and device compliance policies) and factory resetting them. Simply having them enrolled as corporate owned fully managed devices causes this to happen. I raised the issue in the Android Enterprise community blog. A link to that is included below. Someone on that thread found that there is a policy in Android 14/15 called the credentialproviderpolicy. When that policy is blocked or unconfigured, this behavior happens. I cannot find anywhere in Intune where I can set this policy. It seems that it is allowed by default when managing Android 14 with Intune, but not set or blocked when the device switches to Android 15. Is there any way to specifically set a policy that is not reflected in the Intune UI? This is a blocker for being able to move more phones to Android 15. Link to Android Enterprise thread: https://www.androidenterprise.community/t5/admin-discussions/android-15-cannot-set-default-password-app/m-p/8827#M2105 Thanks, Tom
Managed Home Screen MSAL - severe issuse
Hi Intune Community! We are currently experiencing severe issues with Managed Home Screen and MSAL on our shared Android devices, managed as dedicated with Entra Shared mode. Anyone else experiencing issues? Quite often when a user types her user name at the MHS sign in page and press the Sign In button, the screen only blinks and nothing happens. Only workaround is to restart the device and then it often works to sign in a user once or twice, until same issue happens again. It affects all devices and all users and we have tried both the latest version of MHS and some older version. No difference. Some things that we have seen is: If we exit kiosk mode and start the Intune app it says "Something went wrong" and shows a Register button. This is however gone when restarting the device. (see images below) If we start the Authenticator app, also after exit kiosk, it asks for "organization email" and shows a Register button. This is also back to normal once you restart the device. (see images below) If we let the device be after trying to sign in, 10-20 minutes later it has managed to sign in and asks for setting a Session PIN. The problem is that it is the user who last made a successful sign in who gets signed in. Huge security issue. We also see that Edge and Teams (probably other msal-enabled apps as well) doesn't behave as normal even if you successfully sign in. Teams ask what account to sign in with. Either selecting the suggested account or pressing the Back-button (<) signs you in. (see images below)
MDM Work Portal Settings – Android – iOS
Hello Team, Please help me with some questions I have regarding the implementation of my MDM policy on Android and iOS mobile devices. When installing these applications, the following questions arise: Why is "location" required, and why is its activation necessary? It requests permission to access the phone's storage — why is this needed? How is web browsing managed or controlled? Defender asks to activate a VPN — I would like to understand why this is necessary. How does Defender classify the severity level as high, medium, or low, and how is this used to determine whether a device is considered compliant?
iPads in Single App Mode stuck after Update
Hi, We've got a bunch of iPads that we control via InTune, a bunch are set to Single App Mode. They have auto-update on for iOS updates, however when they restart themselves after completing the update often(not always) they will go back to the lock screen rather than the single app screen. Thankfully we've got the SN displayed on the lock screen and when we reboot from InTune it fixes it, however this isn't a proper solution. Because it's single app mode it won't let the users swipe away the lock screen. Has anyone got a fix for this? Any assistance is greatly appreciated.
WiFi profile does not work
I registered my device as a dedicated device for a single app, and I want to configure it so that it automatically connects to a network that the ESP32 generates, that is, a network without internet, but I am having difficulty doing this, I will show a photo of how I configured it and if there is anything wrong. I'll wait. Note: Android Enterprise platform and does not have a passwordHow to convert existing discovered apps for windows 11 enrolled devices to intune managed apps
I have a number of enrolled computers that are EntraID joined which have marketplace applications like WinRAR and Notepad++ that were installed locally before enrollment. Additional users also had local Admin permissions and had installed those apps at some point. By using Defender Vulnerability and Intune Discovered apps, I added Win32 WinRAR and NotePad++ as available apps for enrolled devices, for example, in hopes of being able to then have the apps become Intune Managed. My next hopes were then to use Intune Supersedence to then manage their revisions, accomplishing the ability to manage vulnerabilities and application versions. Does anyone know if there is a way to take a discovered app that was preinstalled on a computer like WinRAR or Notepad++ and "convert" them to managed apps in Intune?
