Fixed: Android QR Code enrollment with corporate-owned-fully managed user devices (Preview) mode of Intune erases default apps after enrolling.

Microsoft Intune lets you manage all your devices from a single platform. Windows, Android, macOS and iOS devices can all be managed using Intune's device management capabilities.


When it comes to Android specifically, there are several ways you can enroll and manage a device.

Android Enterprise (offering a set of enrollment options that provide users with the most up-to-date and secure features):

Android Enterprise work profile: For personal devices (mostly BYOD scenarios) granted permission to access corporate data. Admins can manage work accounts, apps, and data. Personal data on the device is kept separate from work data, and admins don’t control personal settings or data.

Android Enterprise dedicated: For corporate-owned, single use devices, such as digital signage, ticket printing, or inventory management. Admins lock down the usage of a device for a limited set of apps and web links. It also prevents users from adding other apps or taking other actions on the device.

Android Enterprise fully managed user devices: (In Preview Mode) For corporate-owned, single user devices used exclusively for work and not personal use. Admins can manage the entire device and enforce policy controls unavailable to work profiles.

If you decide to go ahead with the 3rd option, there are a few things to consider.

  • Supervised mode supported only for latest devices
  • At least Android 6.0
  • Enrollment is done manually via a QR code
  • Device has to be fully erased before the enrollment begins

Take the following steps to ensure your device retains all the default and system apps (Google apps, camera, calculator, calendar, photos, etc.). In my case, the original QR given by Intune simply took off all default and system apps after enrolling. This workaround addresses that issue.

To get the QR code from the Intune profile that is relevant for your enrollment, go to Intune –> Device enrollment blade –> Android Enrollment –> choose the “Corporate owned-fully managed user device” option –> make sure this option is enabled; the QR code is shown right there.


Now head to one of the QR code decoding services. I used https://blog.qr4.nl/Online-QR-Code-Decoder.aspx, which did the job very well without any cost to me. It's just a matter of uploading your QR code and clicking a button to extract the code behind it.

Now you have the code behind the QR. Edit it to include the following entry:

"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true

Once it is added, your final code would look similar to this: [screenshot: final code]

Now we need another service to re-encode the new code. I used https://www.qr-code-generator.com, which was great for me. Again, there is no cost for this!

Once you have encoded it, download the QR code and use it to enroll the Android device.

If you followed the steps correctly, all default and system apps should remain intact after the enrollment.
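
The edit step above can be done and checked locally on the decoded text before it is re-encoded. The following is an added example, not code from the original post: the sample payload is constructed with placeholder values, and every key name other than the flag shown on this page is an assumption about what the decoded payload contains.

```python
import json

# Key named on this page; it goes at the top level of the JSON as a boolean.
LEAVE_APPS = "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED"
# Assumed key (an Android provisioning extra, not shown on the page).
ADMIN_COMPONENT = "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME"

# Constructed sample payload with placeholder values, not a real Intune QR.
SAMPLE = """{
 "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.example.dpc/.AdminReceiver",
 "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {"EXAMPLE_ENROLLMENT_TOKEN": "PLACEHOLDER"}
}"""


def add_leave_system_apps(decoded_text):
    """Return the payload with the flag set, as compact JSON for re-encoding."""
    # Text copied from a web page often carries curly quotes, which are not JSON.
    if any(q in decoded_text for q in "\u201c\u201d"):
        raise ValueError('curly quotes in payload; retype them as plain " quotes')
    payload = json.loads(decoded_text)  # raises on a missing comma or brace
    if not isinstance(payload, dict) or ADMIN_COMPONENT not in payload:
        raise ValueError("not an Android provisioning payload")
    # Assigning the Python boolean also replaces a mistyped string "true".
    payload[LEAVE_APPS] = True
    return json.dumps(payload, separators=(",", ":"))


def only_flag_changed(before_text, after_text):
    """True when the two payloads differ by nothing except the top-level flag."""
    before, after = json.loads(before_text), json.loads(after_text)
    before.pop(LEAVE_APPS, None)
    flag = after.pop(LEAVE_APPS, None)
    return flag is True and before == after


if __name__ == "__main__":
    edited = add_leave_system_apps(SAMPLE)
    print(edited)
    print("only the flag changed:", only_flag_changed(SAMPLE, edited))
```

The compact string it prints is the text to feed to the QR encoder; every other value in the payload is passed through unchanged.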
