Enforcing Passcode on Android Enterprise Devices

  • Question

  • Is it my understanding that the following features are unavailable for "Corporate-owned, fully managed user devices" (i.e., Android Enterprise) preview.

    • Use of the Intune Company Portal app isn't supported

    Therefore we cannot use "work profiles" to enforce passcode.

    Instead I have configured required passcode under: Device Configuration -> Test Profile (Set as Platform = Android Enterprise, and Profile type = Device Restrictions) -> settings -> Device Password -> 

    • Require Password Type: At least numeric
    • Minimum Password Length: 4
    • Number of sign-in failures before wiping device : 5

    And have assigned the above profile to a group which contains the user that is enrolling the device.

    However, after enrolling the device by scanning the enrollment token QR code and entering the user's login credentials, the passcode is still not enforced.

    Is there something here I'm missing? Or can a passcode simply not be enforced on Android Enterprise devices using Intune?

    Tuesday, February 26, 2019 4:59 AM

All replies

  • For the purpose of clarity.... Android Enterprise and Android corporate-owned fully managed are not the same thing therefore the terminology is not interchangeable which seems to be what you've done. Secondly the support statement is that the Company Portal app for end-user scenarios. What is it exactly that you are trying to accomplish here?

    Tuesday, February 26, 2019 5:34 PM
  • Hi John,

    Thanks for the reply. Apologies if my terminology is inaccurate, let me explain the process we are trying to achieve.

    I am taking a factory-reset Android phone and using the QR code (under Microsoft Intune > Device enrolment > Android enrolment > Corporate-owned, fully managed user devices (Preview) > Enrolment Token) to enrol the device. This enrolment is done by tapping multiple times on the first screen you see after a wipe to bring up the QR code scanner, then scanning the enrolment token QR code.

    I then go through the enrolment process for a test user. This test user has had the Device configuration profile, mentioned in original post above, that enforces passcodes assigned to them (well rather a group they are a member of).

    After enrolment has completed, the user is not required to create a passcode, and the device functions fully without the need for a passcode (i.e., email and app settings all work, apps are installed, etc.).

    Other settings in the profile do get applied, such as blocking of factory reset, blocking of adding users, etc. Other config profiles such as Wi-Fi config also get picked up and applied without issue. It is only the passcode that is not being enforced.

    Our end goal is to be able to ship new/factory reset phones to users with the enrolment QR code and have the user enrol the phone themselves. But to do this we need to make sure the device is secured with a passcode. At present a device can be enrolled, potentially granting access to corporate data, without a passcode being enforced, an obvious security risk.

    Tuesday, February 26, 2019 10:51 PM
  • Hi IR44,

    Did you get this solved?

    Sunday, October 20, 2019 10:19 AM