android
598 TopicsIntune ending support for custom profiles for personally owned work profile devices in April 2025
Years ago, before Microsoft Intune provided the many Android settings available today, Microsoft Intune introduced custom configuration profiles for Android Enterprise personally owned work profile devices. Custom profiles allow admins to configure settings that weren’t built into the Microsoft Intune admin center, leveraging Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings used by device manufacturers. Today, admins can configure all of the settings available in custom policies for personally owned work profile devices through other policy types in the Microsoft Intune admin center. The one exception is configuration of Basic Wi-Fi profiles with a pre-shared key, which will be supported in Wi-Fi configuration profiles in the first quarter of calendar year 2025. Because custom profiles are harder to configure, troubleshoot, and monitor, and offer no additional benefits now that equivalent settings are available in the Microsoft Intune admin center, we’re ending support for custom profiles for Android Enterprise personally owned work profile devices on April 1, 2025. Note: This change only applies to custom profiles for Android Enterprise personally owned work profile devices and doesn’t impact custom profiles for Android device administrator devices. How does this affect you or your users? After Intune ends support for custom profiles for personally owned work profile devices in April 2025: Admins won’t be able to create new custom profiles for personally owned work profile devices. However, admins can still view and edit previously created custom profiles. Android Enterprise personally-owned work profile devices that currently have a custom profile assigned will not experience any immediate change of functionality. Because these profiles are no longer supported, the functionality set by these profiles may change in the future. Intune technical support will no longer support custom profiles for personally owned work profile devices. How to prepare for this change To prepare for this change, follow these steps to check if you have custom profiles for personally owned work profile devices and learn how to set up alternate policy types: Navigate to the Microsoft Intune admin center. Identify the custom policies in use in your tenant: Select Devices > Android > Configuration. Filter the Platform column by Android Enterprise to get a list of Android Enterprise policies. Sort the Policy type column and look for all the policies with policy type listed as Custom. (If none are found, then no action is needed.) Create policies with equivalent settings. See tables below for settings mapping. Assign the new policies to the same groups that had been assigned the custom profiles. Unassign all groups from the custom profiles. Test and confirm device behavior is unchanged, that the new profile settings fully replace functionality from the old custom profiles. Delete the custom profiles. Replacements for custom settings Below is a mapping from custom settings to the alternate settings that you should use instead. Work profile settings Custom setting Equivalent setting ./Device/Vendor/MSFT/Container/ DisableRedactedNotifications Create a device restrictions policy > Work profile settings > General Settings > set Work profile notifications while device is locked to Block ./Device/Vendor/MSFT/WorkProfile/ CustomGmsWorkProfileDomainAllowList Create a device restrictions policy > Work profile settings > General Settings > Add and remove accounts, set to Allow all accounts types and configure Google domain allow-list ./Device/Vendor/MSFT/WorkProfile/ WorkProfileAllowWidgets Create a device restrictions policy > Work profile settings > General Settings > Allow widgets from work profile apps ./Microsoft/MSFT/WorkProfile/ DisallowCrossProfileCopyPaste Create a device restrictions policy > Work profile settings > General Settings > Copy and paste between work and personal profiles ./Vendor/MSFT/Policy/Config/DeviceLock/ MaxInactivityTimeDeviceLock Create a device restrictions policy > Password > Maximum minutes of inactivity until work profile locks ./Vendor/MSFT/WorkProfile/ DisallowModifyAccounts Create a device restrictions policy > Work profile settings > General Settings > set Add and remove accounts to Block all account types. ./Vendor/MSFT/WorkProfile/Applications/<package>/ PermissionActions Create an app configuration policy for Managed devices > Permissions > Add ./Device/Vendor/MSFT/WorkProfile/ WorkProfileEnableSystemApplications Follow the steps to Manage system apps Wi-Fi settings Custom setting Equivalent setting ./Vendor/MSFT/WiFi/Profile/<SSID>/Settings Create a Wi-Fi policy with your chosen Wi-Fi configurations for personally owned work profile devices. Here you will also be able to configure Wi-Fi with a preshared key when it becomes available. ./Vendor/MSFT/WiFi/<SSID>/Settings ./Vendor/MSFT/DefenderATP/Vpn Create an app configuration policy for managed devices and set Targeted app to Microsoft Defender: Antivirus and then configure VPN VPN settings Custom setting Equivalent setting ./Vendor/MSFT/VPN/Profile/<vpn name>/PackageList Create VPN profiles with your chosen VPN configuration for personally owned work profile devices ./Vendor/MSFT/VPN/Profile/<vpn name>/Mode ./Vendor/MSFT/DefenderATP/AntiPhishing Create an app configuration policy for managed devices and set Targeted app to Microsoft Defender: Antivirus and then configure Anti-Phishing. ./Vendor/MSFT/DefenderATP/DefenderExcludeAppInReport Create an app configuration policy for managed devices and set Targeted app to Microsoft Defender: Antivirus and then configure Hide app details in report and Hide app details in report for personal profile. ./Vendor/MSFT/DefenderATP/DefenderTVMPrivacyMode Create an app configuration policy for managed devices and set Targeted app to Microsoft Defender: Antivirus and then configure Enable TVM Privacy and Enable TVM Privacy for personal profile ./Vendor/MSFT/DefenderATP/Vpn Create an app configuration policy for managed devices and set Targeted app to Microsoft Defender: Antivirus and then configure VPN Stay tuned to this blog for updates! If you have any questions or feedback on this change, leave a comment on this post or reach out on X @IntuneSuppteam. Post updates 12/10/24: Minor formatting fixes.2.7KViews3likes1CommentSave to vpn-connected cloud
I'm running MS 365 on my Samsung Ultra 24 android phone. When using MS Word and choosing the "save as" option, i am given a number of options such as this device, one drive, drop box etc. However I want to save to my NAS via the VPN that connects both my phone and NAS. Can this be done? Is there an Android app that integrates with MS 365 for this purpose? TIA ... Greg8Views0likes0Comments- 41Views0likes2Comments
Application Protection Policy not applying to Microsoft 365 (office)
Hello Community, We have setup an APP for MS applications (android), that prevent users from saving attachments, or documents received by teams or even documents that reside on OneDrive to their local storage, we have also configured some security aspects like PIN code or biometric fingerprint to access the apps. Everything is working fine from Teams, Outlook, OneDrive, but when i use "Microsoft 365 (Office)" App, its like the policy is not applied to this specific application, i can download files, i can access the app with no need of PIN or Fingerprint, i can access a Word file and choose save as and put it in my local phone storage. i have already created a ticket to Microsoft, but they are veeery slow. can you please help.681Views0likes16Comments