Managed Home Screen Woes
Setting up a Company Owned Dedicated (kiosk) Android device can be a bit challenging to get just right. After several hours of reading Reddit, Microsoft, and Personally owned blogs and threads, I figured I would consolidate everything I have found to hopefully have this show up on someone else's Google results. (Main link for Managed Home Screen Configuration: https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-managed-home-screen-app ) Calling issues with Managed Home Screen The Issue: Devices were able to receive phone calls, but the only notification was in the default system's notification tray; this was while the device was locked and unlocked. This posed an issue as we would like to 1) disable the default system tray and 2) We need at least the phone to light up when it was locked to let the users know they're getting a call. The Solution: After researching it is my assumption that the underlying issue is that while the phone is managed, and enrolled as a Company Owned Dedicated Device, for some reason the UI elements are NOT identified as managed items. So the administrator must deploy the following applications as Android Enterprise System Apps and set them as required installs: com.samsung.android.incallui --- I named this Call UI, Publisher Android com.android.server.telecom --- I named this Telecom (1 of 2 Req for Phone App), Publisher Android com.samsung.android.app.telephonyui --- I named this Telephony UI (2 of 2 Req for Phone App), Publisher Android (Yes, these are probably not the "Android Designated Application Name" but that's what they're staying as in my tenant.) That's it. Done. Phone was able to receive calls with the normal quarter of the top screen notification, as well as a full screen notification if the device was locked. However, some previous research also let me to these other items that may help someone else from googling: The Android Phone App Package ID / Android Phone App Bundle ID / Samsung Phone App is: com.samsung.android.dialer --- I named this Phone, Publisher Samsung (unsure for Google, Motorola, etc phones, this works for Samsung) This needs to be set as required as well, and assumedly placed on the managed home screen for the user to make calls (unsure if it is needed to receive calls only... if you have some type of use case for that?). Most predominant links relating to the issue: Article 1: https://www.reddit.com/r/Intune/comments/t427kv/shared_android_phonecalls_from_kiosk_mode/ Article 2: https://www.reddit.com/r/Intune/comments/vxw8xn/comment/ifylsaz/?utm_source=share&utm_medium=web2x&context=3 Managed Home Screen Conflicts App Configuration Policies currently don’t really show you any information as to why or what a conflict is; just that it’s conflicting (thanks, Microsoft). Some common issues I’ve seen around is that while some configurations are available in both the Device Configuration Profile and the App Configuration Policy; you should not apply these settings in both places (see the tables of configurations on the Microsoft doc for Managed Home Screen at the top of this article). Personally, I like having the configurations setup as: Managed Home Screen App Config Policy: Configuration Key Value Type Configuration Value Exit lock task mode password string 123456 MAX time outside MHS integer 600 MAX inactive time outside MHS integer 180 Enable MAX time outside MHS bool TRUE Enable MAX inactive time outside MHS bool TRUE Enable easy access of debug menu bool TRUE Define Theme Color string light Applications in folder are ordered by name bool TRUE Application order enabled bool TRUE Device's serial number choice {{SerialNumber}} Show device name bool TRUE Show Device Info setting bool TRUE Show Volume setting bool TRUE Show Flashlight setting bool TRUE Show Bluetooth setting bool TRUE Show Managed Setting bool TRUE Show Wi-Fi setting bool TRUE Battery and Signal Strength indicator bar bool TRUE Set device wall paper string https://i.imgur.com/OPlCeFG.jpg Lock Home Screen bool TRUE Enable notifications badge bool TRUE (Exiting Kiosk mode is then within the Device Managed Settings > i > Exit Kiosk Mode with the ‘Exit lock task mode password’ pin.) Dedicated Device Configuration Policy: (In my experience, this is an overview of the settings that should / shouldn’t be set with Managed Home Screen. This is not all the settings, that’s a lot of typing. But this will give you a good start. I am sure not all of these affect the Managed Home Screen as well, but at least the ones under Device Experience do.) General: Permission Policy – Default Date and Time – Block Factory Reset, Status Bar – Blocked Skip first hints – Enable Power Button Menu – Block System Error Warnings – Allow Enabled System Navigation Features – Home and overview buttons System Notifications and Information – Show both Device Experience: Enrollment Type – Dedicated Device Kiosk Mode – Multi-App Custom Layout – Enable (Note: all of these apps need to be deployed and set as required) App Notification Badges – Enable Virtual Home Button thru Wi-Fi Configuration– ALL Not Configured (as these are configured within the App Configuration Policy!) Bluetooth, Flashlight, Media, Quick access to device info – Enabled Managed Home Screen Background I found that the best place to configure this is only within the App Configuration Policy. The main issue everyone seems to face is that the image URL must end with a ‘.jpg’. This is very easily overcome; find an image on Google, Download it, Go to Imgur, Upload it (watch your ad), Right click it afterwards, then click Copy Image Link. Boom imgur.com/somerandomletters.jpg Finding the Android App Identifier Honestly, this is a lot more complicated than it needs to be. Note: Adding the Managed Home Screen app to the Home Screen shows up as Managed Settings and works great. Here’s a list of the common ones: App Name Store URL App Identifier Calendar https://play.google.com/store/apps/details?id=com.samsung.android.calendar com.samsung.android.calendar Camera https://play.google.com/store/apps/details?id=com.sec.android.app.camera com.sec.android.app.camera Clock https://play.google.com/store/apps/details?id=com.google.android.deskclock&hl=en-US com.google.android.deskclock Gallery https://play.google.com/store/apps/details?id=com.sec.android.gallery3d com.sec.android.gallery3d Google Play Store com.android.vending Microsoft Intune https://play.google.com/store/apps/details?id=com.microsoft.intune&hl=en-US com.microsoft.intune Managed Home Screen https://play.google.com/store/apps/details?id=com.microsoft.launcher.enterprise&hl=en-US com.microsoft.launcher.enterprise Microsoft OneDrive https://play.google.com/store/apps/details?id=com.microsoft.skydrive&hl=en-US com.microsoft.skydrive Microsoft Outlook https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&hl=en-US com.microsoft.office.outlook Microsoft Teams https://play.google.com/store/apps/details?id=com.microsoft.teams&hl=en-US com.microsoft.teams Phone https://play.google.com/store/apps/details?id=com.samsung.android.dialer com.samsung.android.dialer Samsung Notes https://play.google.com/store/apps/details?id=com.samsung.android.app.notes&hl=en-US com.samsung.android.app.notes Settings https://play.google.com/store/apps/details?id=com.android.settings com.android.settings There were a LOT of articles and treads I read about these issues and I cannot possibly find them all again to post here. But here are a few to try and give credit: https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-managed-home-screen-app https://www.reddit.com/r/Intune/comments/t427kv/shared_android_phonecalls_from_kiosk_mode/ https://www.reddit.com/r/Intune/comments/vxw8xn/comment/ifylsaz/?utm_source=share&utm_medium=web2x&context=3 https://github.com/petarov/google-android-app-ids (Some of these are incorrect for my use cases (needed Android apps not Google Apps)) https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-android-for-work?WT.mc_id=Portal-Microsoft_Intune_DeviceSettings https://learn.microsoft.com/en-us/mem/intune/apps/apps-ae-system#enable-a-system-app-in-intune
Managed Home Screen Dedicated Devices in Multi-app Kiosk Mode_No Virtual Home Button
Hi All, I'm testing out the Managed Home Screen with 2-3 apps on dedicated devices in multi-app kiosk mode. I tested them on a Zebra TC77, which has physical buttons below the display, and all worked as expected. However, when testing on a Zebra TC57, the Home Button and Recent Apps buttons disappear shortly after rebooting the device, or immediately after opening any of the 2-3 apps. I've spoken with Microsoft and this is by design, which makes sense. However, both the Device Configuration Profile and Managed Home Screen App Configuration Profile offers settings for a Virtual Home Button. I have attempted to enable this as both a "swipe-up" and a "floating" virtual home button, in both the Device Config Profile and the App Config Profile, and the Virtual Home Button does not appear. I believe the issue is related to the Overlay Permissions, because when I have the Virtual Home Button enabled, the Managed Home Screen Settings shows a red notification which wants me to grant Overlay Permissions for the app. Those permissions have already been granted. When I turn off the Virtual Home Button, that notification goes away. Does anyone have any ideas on a solution for this issue? I do have an open ticket with Microsoft and will update this post if we reach a resolution. *Resolved* - The issue ended up being the 'Notification Windows' setting in the Device Configuration Profile. You have to turn that to 'Not Configured', and that will resolve the issue of the Overlay Permission alert (you'll still get this alert one time when the scanner is first setup, but after that it will go away), and it also resolves the issue of the Virtual Home Button not appearing if you have that setting turned on.
Android KIOSK, Managed Home Screen and uninstall
Hello! I've run into huge issue. If I activate KIOSK mode on Android devices, then Managed Home Screen app is installed. Now, if I remove KIOSK mode, then Managed Home Screen app is NOT uninstalled and it cannot be uninstalled via app properties group assignment as well. Why is it an issue? Because I have some devices that have KIOSK mode and Managed Home Screen is installed. I also have some devices that don't have KIOSK mode, but they still have Managed Home Screen app installed and by pressing "home" button Android asks if One UI or Managed Home Screen should be default launcher. If user chooses Managed Home Screen as default launcher, then it's empty, no apps, nothinManaged Homescreen asking for Overlay permissions again
Hi Everyone, Not sure if anyone else has seen this behaviour (seems to be very recent). This issue was previously logged https://social.technet.microsoft.com/Forums/en-US/a66dd9f4-6d9e-4030-9302-622d909ce74e/multiapp-kiosk-overlay-permission-needed-for-managed-home-screen?forum=microsoftintuneprod The Microsoft Managed Home Screen App requires overlay permissions in order to show the floating home button. Despite having permissions, it still requests it and no matter what you do, it just doesn't allow it. No changes made to inTune and when this was previously logged, it suddenly started working. Keen to see if anyone else has this issue and if they have been able to overcome it. Quite confident that this is not an Android update as we have some older tablets (with older versions) that are experiencing the same issue. DanVirtual Home Button on Zebra TC57 Not Working
When setting up Zebra TC57 scanner devices as Corporate-owned dedicated devices in Multi-app Kiosk Mode, the Virtual Home Button does not work, whether it is set to 'Swipe-up' or 'Floating'. I have an open ticket with Microsoft who has confirmed that the setting is working on the Samsung device that they are testing, so it appears to be a Zebra specific issue. Any ideas for possible solutions?From the frontlines: Accelerating retail worker shared device experience (Part one)
By: Yusuke Shinoki – Sr Product Manager | Microsoft Intune This is the second article in the "From the frontlines" series. I'm Yusuke Shinoki, I wanted to share the insights I’ve gained from my retail customers who often talk to me be about their frontline worker device scenarios. Technology has revolutionized the retail industry by enhancing operational efficiency and customer experiences. Retail employees now use shared devices to access inventory data, check product availability, and manage orders on the go. Store staff monitor sales and productivity digitally, enabling frontline workers to better serve customers by quickly accessing essential information. In supermarkets and pharmacies operating 24/7, shared devices are rotated among shift workers to perform tasks critical to the business operations. Collaboration and real time access to data is becoming increasingly important for frontline workers. Simultaneously, it’s essential to maintain secure access in line with the Zero Trust security strategy. Let’s discuss how retail associates can benefit from using Intune-managed devices at work while balancing productivity and security. Retail associates device needs Let’s say retail giant ‘Contoso’ wants to provide shared devices to retail associates, so they can help customers and drive sales. They want each associate to be able to pick up a device at the beginning of their shift and allow them to feel like it’s their own for the duration of the shift. Additionally, they want their associates to be able to collaborate with other associates via Microsoft Teams and access their internal employee portal. At the end of their shift, they want associates to log off and return their devices to the central pool, confident that their personal data won’t be seen by the next associate. To support this scenario on shared devices, use Intune’s Android Enterprise dedicate devices enrollment solution with Microsoft Entra shared mode (Fig. 1) and Managed Home Screen. Android Enterprise dedicated devices with Microsoft Entra shared mode and Managed Home Screen allows IT admins to provide consistent shared device user experience. In Contoso’s case, the Contoso IT team needs to provide user experiences for retail associates such as: Easy experience for device sign-in when starting their shift and sign-out at the end of their shift. Setting a temporary session PIN for individual associates during their shifts while using devices. Easy app switching. Associates experience The Contoso IT team must ensure seamless device sign-in to maximize associate productivity during limited shift hours. Intune and Managed Home Screen provide options to reduce shift swapping time by allowing workers to simply enter their Microsoft Entra ID account into the device and sign in. Microsoft Entra ID accounts require entering a User Principal Name such as "user@contoso.com". By configuring the "Domain name" setting in Managed Home Screen, associates will automatically see the domain name options available to them. This allows associates to quickly enter their ID and start using the device efficiently. (Fig. 2) After completing the initial Microsoft Entra ID authentication on the Managed Home Screen, associates set up a temporary session PIN (Fig. 3). This session PIN allows them to securely use shared devices for their tasks throughout their shift. The associates’ credentials are then used to enable a single sign-on experience with supported apps. Usually switching apps in Kiosk mode is cumbersome, but Managed Home Screen leverages the virtual app switcher button to switch between apps quickly, just like they do on their regular Android devices. (Fig. 4) This feature enhances the user experience by allowing seamless transitions between applications, ensuring that workers can maintain productivity without unnecessary delays. Once the associate's shift ends, they can easily log out and return the device to the pool. This ensures that all apps are securely signed out, preventing the next shift's associate from accessing any personal data handled by the previous user (Fig. 5). Even if the previous user forgets to sign out at the end of their shift, it's not a problem. The next user can easily start their session by using the “Switch User” option (Fig. 6). These streamlined user experiences allow retail associates to concentrate on their tasks without delays, improving productivity and user experience. Setting up Managed Home Screen and the new simplified sign-in option Configuring Managed Home Screen can be done through the device configuration profile (Fig. 7) but if you need advanced customization you can use app configuration policies (Fig. 8). This configuration is the same as described previously for the healthcare scenario: From the frontlines: Revolutionizing healthcare workers experience. For step-by-step instructions on setting up Managed Home Screen, refer to the blog: How to setup Microsoft Managed Home Screen in kiosk mode on Dedicated and Fully managed devices. In addition to “Domain name” configuration, we’ve been working on further simplifying the sign-in experience. As of March 2025, we introduced QR code sign-in as a public preview. This new feature aims to streamline the initial sign-in process for frontline workers. For additional details on QR code authentication, refer to the following information: Simplify frontline workers’ sign-in experience with QR code authentication | Microsoft Community Hub How to enable QR code authentication in Microsoft Entra ID (preview) - Microsoft Entra ID | Microsoft Learn. Summary In this post, we explored how retail shop associates can use Android Enterprise dedicated devices with Entra Shared Mode and Managed Home Screen powered by Microsoft Intune throughout their shifts. This same type of configuration can be used in many other Android shared device scenarios such as warehouse operations, factory floor, and more. For more guidance review the Microsoft Learn articles: For information on how to set up shared Android devices refer to: Enroll Android Enterprise dedicated, fully managed, or corporate-owned work profile devices in Intune You can find more information on Managed Home Screen and how it can improve the user experience refer to: Configure the Microsoft Managed Home Screen app If you’d like to learn more about how Microsoft Entra Shared Device Mode can help your users easily sign in and sign out leveraging single sign-on review: Shared Device Mode overview - Microsoft identity platform To learn about how to setup maintenance windows and define application update conditions refer to: Corporate-owned Android Enterprise device restriction settings in Microsoft Intune For information on enabling new QR code authentication refer to: How to enable QR code authentication in Microsoft Entra ID (preview) - Microsoft Entra ID. If your device usage is similar to that of frontline workforces, consider using this solution and let us know how it works for you by leaving a comment below or reaching out to us on X @IntuneSuppTeam! In our next “From the frontlines”, we’ll dive into scenarios involving dedicated devices tailored for specific tasks that enhance customer service and efficiency in the retail industry. Check out From the frontlines: Frontline worker management with Microsoft Intune to see more “From the frontlines” blogs. Stay tuned!
Edge (Android) "Send to Phone" ; Replicate w. Intune?
Hello, If I try and deploy either a "managed web app" to get a shortcut on my Android device OR using Microsoft Managed Home Screen (configuring it using an app configuration policy) both of those ways open up the "normal" Edge browser. However if I select "Send to phone" the website / shortcut then open Edge without any menus so it becomes like a mobile app; how can I replicate that behavior when using Intune i.e. to deploy such a shortcut on the home screen of a Intune managed Android device? Best Regards - Karl Update: Solved it by using Chrome instead of Edge, if I use Chrome then the weblink deployed through Google Play (see link below) honor the "display"-setting in the weblink; https://docs.microsoft.com/en-us/mem/intune/apps/apps-add-android-for-work#managed-google-play-web-links Disappointed that it doesn't work w. Edge since both Chrome and Edge are chromium-based.Managed Home Screen, Overlay permission, not able to allow site permissions
Hi, We use shared devices, enrolled as dedicated devices with Azure AD, and deploy Managed Home Screen to them. Overlay permission is granted for MHS. When browsing to a website (in Edge) that requires permissons to use the device Location or Camera the expected pop-up asking you to Allow or Block the permission is shown, however nothing happens when pressing any of the options. Meaning you cannot allow site permissions. I know this is related to the Overlay permission that is granted for MHS, since it works if I exit kiosk mode. We had a similar problem a few months ago, where we got another message saying “This site can´t ask for your permissions…” when we tapped the Allow button. That problem was solved by adding an app configuration for Edge, “Enable Overlay Permission Detection” and set it to False. That setting is still applied but since some weeks ago, probably since last Edge update, it does not help. I have found a workaround, not very user friendly though. If I refresh the web site 3-4 times until the permission pop-up stops showing, I can tap the lock-icon in the address bar and switch the required permission from blocked to allowed.
