Android Enterprise Customer Community
Recently active
Only my account was Owner for our Android Zero Touch portal, when I added another email, it changed my Owner role to the role I was assigning to the new user (Assigner) How do I get this fixed? Can’t find any way of contacting Google support to correct this, other than posting here.
Hello everyone,I'm looking for advice from anyone who has successfully joined the Android Enterprise EMM Partner Program.Our organization recently applied for the program but was informed that the application did not meet the required criteria. We understand that Google does not provide detailed feedback regarding application decisions.Afterward, we attempted to start the onboarding process again, but the Partner Portal consistently displays the following message after entering our valid D-U-N-S number:"Something went wrong! If this problem persists, please contact support."We contacted the Android Enterprise Community Team, and they replied that they cannot provide specific feedback or details regarding application decisions.I would appreciate hearing from anyone who has experienced a similar situation.Specifically:Is there a waiting period before submitting another application? Does Google reset the previous onboarding/application record, or should a new application be created? Has a
Hello Android Enterprise Community,I am experiencing an issue where Google Photos does not appear on the Managed Home Screen (MHS) home screen, despite being correctly configured in the allow-list. I have already contacted both Microsoft Intune Support and Samsung Support, and I would like to share their responses and seek further guidance. EnvironmentDevice: Samsung Galaxy A25 5G (Model: SCG33)OS: Android 15Enrollment: Android Enterprise - Corporate-owned Dedicated Device (Fully Managed, Dedicated)Kiosk Mode: Multi-app kiosk (Managed Home Screen)MDM: Microsoft IntuneSymptomGoogle Photos (com.google.android.apps.photos) does not appear as an icon on the MHS home screen, even though it is correctly listed in the applications allow-list in the app configuration policy.All other apps (Google Maps, LINE WORKS, Samsung Camera, Phone, etc.) are displayed and working correctly on the same MHS configuration.What I have already verifiedGoogle Photos is assigned as Required to All Devices via Ma
Hello,4 days ago a security issue has been discovered on linux and this time all posts says it is impacting Android. I’m waiting from Samsung on this (exchange with ETS already) but is there some infos somewhere from Google on this CVE ? the forum AI agent says this CVE is not on the data.CVE-2026-46242https://www.securityweek.com/proof-of-concept-exploit-released-for-linux-bad-epoll-root-access-vulnerability/
Apparently, Google has a new policy that only approved DPCs can be installed through QR Provisioning; otherwise, their installation will be blocked.Link: https://developers.google.com/android/play-protect/warning-dev-guidance#android_enterprise_dpc_enrollment The problem is that I am not able to understand how to apply for DPC approval. I found this page, but still not able to find out where to apply. Your help is appreciated. Thanks
Hey everyone, Last Thursday, Jun 4, 2026, we hosted an in-person gathering for our CAFE members and friends at Google's London office. It was a pleasure to welcome IT admins and owners from both the Android and ChromeOS CAFE communities. We are incredibly grateful to everyone who made the journey to be there; seeing so many familiar and new faces together in one room was truly a highlight. The CAFE (Customer Advisory for Enterprise) is a dedicated private group, for product development and discussion, housed here in the Customer Community. Whilst a lot of the discussions often happen online, several times a year we host an in-person event. The heart of the event was our Product Roundtable Discussions. These sessions provided a unique opportunity for customers to speak directly with our Product Managers and Google team members across an array of enterprise topics, ensuring that your real-world requirements/use cases are heard and help to shape current and potential future product decisi
We are certified Android Enterprise Mobility Management (EMM) provider and an authorized Zero-touch Reseller based in Bangladesh. We specialize in enterprise mobility, with our proprietary MDM platform, MobiManager, actively used by leading organizations for secure device management at scale. In line with the growing demand for secure and inclusive smartphone access, we’ve developed PayProtect—a custom Device Policy Controller (DPC) tailored to support EMI-based smartphone financing. This solution enables real-time compliance, device-level control, and robust protection against default, thereby minimizing risks for telcos, lenders, and retailers. Now we want to integrate Google’s Device Lock Controller (DLC) for built-in solution for better performance. So how can we make partnership Google’s Device Lock Controller (DLC). Thanks in advance.
I tried to create a new account but didn’t finish the process on the first day. When I came back the next day to complete it, I received the error message:ERROR_CREATING_USER – Portal user already exists for contactThis means the system has already linked my contact information to a portal user profile, even though I never fully completed the registration. Because of that, I’m unable to create a new account now. The incomplete registration seems to have locked my contact details, leaving me stuck in the process.
We are using a custom DPC, and a few enterprise customers with critical use case. Because of their strict Change Management (CM) processes, they need at least 60 to 90 days to test and approve any app update.Currently, we suggested to use Managed Google Play and Postpone policies, but there is a problemHere is the exact problem workflow:Day 1: Customer enrolls devices on V1 and applies a 90-day Postpone policy.Next 90 Days: We release V2, V3, and V4 to production to support our other market customers.Around Day 90: The customer’s IT team thoroughly tests and approves V3 from their Management.Issue : The moment the 90-day postponement expires, Managed Google Play automatically pushes the highest available version(V4)The customer wants V3 to be updated in all devices, but Managed Google Play forces them straight to V4.Since our DPC is already live, we can't stop releasing updates for other Customers.How can we solve this issue?
After upgrading my Google Pixel 9 Pro with a personally-owned work profile enrolled in Intune, all the widgets disappeared from my home and lock screens. This is happening to others as well as evidenced by these posts in other communities:Reddit - r/GooglePixel - Widgets gone after android 17 update Reddit - r/GooglePixel - Android 17 causes widgets to disappeare when using Island Google Support - Pixel Phone Help - widgets disappeared from the home screen Google Support - Pixel Phone Help - Widget issues after update to Android 17 Google Issue Tracker #488125748Additionally, I cannot add the widgets back. The widget picker only shows a limited number of widgets and seems to exclude widgets that display personal information. For example, the Google Calendar or Google Tasks widgets. Other widgets that simply function as a shortcut are unaffected.Widgets in the personal profile can be restored by pausing and unpausing the app for the widget you want. However, after rebooting, the widgets
We have two active Zero-touch configurations in our customer account. However, our reseller can’t see any configuration profile while importing devices through the Motorola Zero-touch portal. since reseller can’t see the configuration profile whenever they import device in Zero touch portal devices automatically associate with the default configuration. How can reseller map the devices with appropriate configuration ID when there are multiple configuration profiles configured on google zero touch
Hey, I’m trying to better understand this AMAPI release (May 2026), we currently have issues with our corporate owned personally enabled devices where if a users personal gmail account is added to the personal profile of the device if the device is reset via recovery mode the users pin / personal gmail account is required.We started using EFRP admin emails to bypass this so we could get back into our own devices, we’re a large organisation so users generally don’t reset devices before handing them back or hand them back to their manager who is unaware of our process.What I’d like to understand is what the below change did as after testing this it still seems to be the same that when setting the FRP admin emails setting to be not configured a recovery mode wipe still triggers consumer FRP.AMAPI improves Factory Reset Protection (FRP) policy handling on COPE devices by explicitly disabling FRP and clearing account lists when no admin emails are configured, preventing unexpected lockouts
Hi everyone, I’m trying to enroll a fully managed Android device using the Android Management API. I generate an enrollment token, create the QR code, factory reset the device, and start the QR-based provisioning process. Everything works until the Android Device Policy step, where I get the following error: “Since your organization has reached its usage limits, this device can’t be set up.” I am unable to get past this point. Here is what I have already checked:Listing devices through the API returns an empty list. There are no enrolled devices at all.Billing is active on the cloud project and the Android Management API is enabled.Enterprise creation works, policies return correctly, and I can generate enrollment tokens without any issues.The device is correctly factory reset and the QR scan is working as expected.I tested with both a Workspace-based enterprise and a Gmail-based enterprise. The same limit error appears on both, even though both enterprises have zer
Hi there,New to the Android community!I have a problem where my predecessor created an account for the Google Zero Touch portal and used his company phone number for MFA (only method). The phone number is long gone from the company and can’t be used anymore. Is there any chance to recover the account? I know the email and password!If there is not possibility, what steps do I need to do to set up a new one? We have most resellers listed so I believe I I can ask them to change org id. But what about the currently registered devices?
Howdy all,I’m building an internal MDM tool for our small fleet of 22 Samsung tablets.I think I’ve done everything I need to but I can’t enroll a tablet as I don’t have any quota. The API should be enabled on my cloud project and when I look at the quota page, I only see requests-per0minute quotas. What’s the best course of action to increase the quota for a small deployment? I don’t have a DUNS number so the EMM partner form isn’t applicable. Any help is greatly appreciated!Kind regards, - Luke
When the portal asks us to enter the DUNS Number, it gives an error, even though our DUNS Number is valid. Could you help us resolve this issue?
Hello community, I'm writing this post 'cause I'm facing a strange issue with the lock screen setting on our AE devices managed from Intune.The configuration policy was created by my predecessor years ago, and was configured for lock teh screen after one minute. Everything working and all happy.Then I got the request for create an exception group for that, and everything I tried failed.I tried to change the global policy to 5 mins, but it did not worked, and the maximum lock screen time is still one minute.Also remove the setting at all and left it Not Configured didn't had any effect. Then I tried to disable One Lock. With this I was able to change the system lock screen settings but on Settings - Security and Privacy - More Security Settings - Work Profile Security - Use one lock I cannot set anything longer than one minute. Pretty sure this is coming from somewhere in Intune, but also involving Microsoft and sending them the verbose logs wasn't enough.Did any of you ever e
The Scenario: I am currently testing a deployment where I need to manage Android devices as Company-Owned / Device Owner mode. I have already whitelisted and uploaded the device Serial Numbers (S/N) directly into the Google Admin Console inventory. The constraint: I do not want the end-user to input a corporate Google Account during the initial setup wizard, and I am not using a third-party EMM (like MobileIron, Intune, or VMware Workspace ONE). I want to rely strictly on Google Workspace's native Advanced Mobile Management. The Question: How can I seamlessly trigger the Android Device Policy enrollment right out of the box so that the device recognizes its corporate ownership from the S/N inventory without halting at the Google Account sign-in screen?While researching online, I read that it's possible to trigger this native enrollment using a specific Admin QR Code scanned at the initial setup screen (by tapping the screen 6 times). However, information on how to generate or configu
dear community,some days ago i've Retired a Android COPE (Corporate owned work profile enabled) Device from Intune. In Addition, the Device record where also removed from Samsung Knox Mobile Enrollment Service.I've found out, that on the device itself under Device admins the App "Enrollment Service" is in place and cannot be deactivated.Samsung Support told me already, that "Enrollment Service" is not coming from them, this comes from MDM System.Microsoft Support (what a surprise) had absolutely no idea what im talking about.Now, i want to try my luck here in Android Enterprise community.Did someone else had this Situation, especially with Intune?Google Statement about Retire (RELINQUISH_OWNERSHIP)https://developers.google.com/android/management/deprovision-device#relinquish_ownership_commandIn my point of view, the Device should be fully personal after that action.But when a Device Admin App is still in place which cannot be deactivated, this is then weird.For example: If user, who ca
Hello,We implemented an EMM solution using the Android Management API prior to 2024 and were able to successfully test it in our staging environment.As we are now preparing for a production deployment in 2026, we attempted to create a new EMM enrollment token/EMM instance but encountered a "device quota exceeded" message.We are unsure about the current quota policies, and the process for obtaining additional quota or creating a new EMM instance for production use. Could anyone please advise on the next steps or point us to the appropriate documentation or support channel?Any guidance would be greatly appreciated. Thank you in advance.
Hi all,I'm running a self-hosted Fleet MDM instance for personal/homelab use and I'm trying to enroll my own Android phone using a work profile. I've hit the "your organization has reached its usage limits" error during enrollment, despite having zero devices enrolled.Setup details:- Created a brand new Managed Google Play Accounts Enterprise via the "Sign up for Android only" path- Enterprise was created successfully- Enrollment token generated successfully- 0 devices currently enrolled- Enrollment proceeds normally — gets all the way through the work profile setup and hangs on "Updating phone" — then fails with "Your device can't be set up because your organization has exceeded its usage limits" My use case is purely personal — I'm a hobbyist running Fleet MDM at home to manage my own devices, not building a commercial EMM product. Is there any way to get this quota lifted for a single personal device? Is the AE Compliance team the right contact, and if so, how do I reach them?Tha
I am currently using a Microsoft Intune account to connect with the Managed Google Play Admin Console.Due to a company split, I need to change the domain of my Microsoft account (for example, from linon@abc.com to linon@xyz.com) while keeping the same user account.Since the associated Google account will remain unchanged (linon@abc.com), will I still be able to use the updated Microsoft account (linon@xyz.com) to log in to the Managed Google Play Admin Console?
Hello Android Enterprise Community,I am looking for some guidance regarding app publication for our organization. We have developed a custom/line-of-business (LOB) Android app that we need to deploy internally to our managed devices, but I want to make sure we follow the proper procedures.Could anyone share the recommended workflow or best practices for this? Specifically:Is it better to publish the private app directly through our EMM console (using the Managed Google Play iframe) or via the standard Google Play Console? What are the key things to keep in mind regarding Organization IDs to ensure only our targeted devices can see and download the app? How long does the initial publishing/approval process typically take for enterprise private apps?For context, we are currently using [Insert your EMM provider here, e.g., Microsoft Intune, VMware Workspace ONE, Ivanti] to manage our fleet.Any advice, documentation links, or tips from your own deployment experiences would be highly
Hey everyone, This month marks three years of the Android Enterprise Customer Community. 🥳🎂🎊 As someone who joined the team fairly recently, I wasn't around for the first two birthdays, but I've read the posts, heard the stories, and spent the last few months getting to know so many of you. One thing has become very clear: this community is something genuinely special, and it's all of you that make it that way. Thank you.The past year has been a big one, with over a million visits to our corner of the internet, and we wanted to take a moment to reflect on some of what we've been up to together. A bigger family Last July, ChromeOS found a new home here alongside Android Enterprise, and in February this year the Chrome Enterprise community also came onboard as we migrated to our on our new community platform. We're settled in now, and it's already opened up some great cross-product conversations. A very special shout out Before anything else, we want to call out some of our top contri
Hello everyone,We are currently facing an issue where Google Play Protect is blocking our Android application during device provisioning.Context: - It is not distributed via Google Play (but is already published); it is hosted externally and installed during provisioning via QR code.- The app is properly signed, and provisioning works at the system level, but Play Protect blocks the app with the message “App blocked to protect your device.”- This started happening recently on new devices / factory reset devices. We have already submitted the official Play Protect appeal form as recommended in the documentation:The form was completed with all required information (APK, package name, signing certificate, use case, etc.).At this point, we are looking for guidance from the community: - How long does it usually take for the Play Protect appeal form to receive a response or decision?- Is there any additional step or channel recommended for Android Enterprise DPC apps in this s
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.