Include system apps for Android Enterprise (AfW) Work Profile
We need the ability to add system apps like the system camera or phone app to the work profile. Other EMM vendors already support this feature.
Hi guys, we worked this out with the new (preview) company owned - working profile enrollment.
First go in your endpoint under Apps -> Android -> click Add+ -> App Type "Android Enterprise system app" and create e. g. your native Samsung camera app, with the corresponding package name (com.sec.android.app.camera).
Then just assign this app to a group you created which includes the specific device. With an android enterprise system app you can only say "required". But if you do this it will automatically install the desired app.
This process should also work with a personal owned device with working profile
Do it like this: https://www.inthecloud247.com/how-to-add-android-enterprise-system-apps-with-microsoft-intune/
And for Samsung with this Packages: https://support.samsungknox.com/hc/en-us/articles/360050735713-How-to-enable-system-apps-in-Work-Profile-on-a-Samsung-device
Works great for me and my users
This is three mouse clicks in Mobile Iron. More than 2 years and still no progress. Unbelievable.
Michael Hines commented
We've just recently started using Intune as part of our Microsoft 365 deployment. We have a mix of BYOD and dedicated devices.
The dedicated devices work brilliantly, however the inability to copy system apps such as camera to a work profile on BYODs is causing issues.
I find it hard to believe that this doesn't appear to have been resolved since the OP two years ago.
James Read How it's solved?
I Did like this: https://docs.microsoft.com/en-us/intune/apps/apps-ae-system
but still no Camera or galley i add.
Come on. This is MDM 101 - InTune is one of the worst MDM. Why would you settle for this MDM when there's literally a lot out there which is 1000% times better than this. Everything is so behind. I feel like I'm back 7 years ago.
Too bad some clients have no choice as to what is to be selected.
James Read commented
The ability to use enterprise systems apps solves this limitation.
Daniel Weber commented
We Need this too!
This is critical for usability of this scenario the All or Nothing approach is not workable when Android let carriers make their idiotic marketing apps "System" apps.
Aymen HMAID commented
changing this is the only way to get sytem apps , it was working few month on our samsung Xcover4...today not anymore . Contacting the support , answer "Not supported" !
Konstantin Slavin-Borovskij commented
This can be done with a manual edit of the DCP extra json.
If you're enrolling with Google ZT, you can edit the "DCP Extras" section of the configuration, or if you're enrolling with the QR, you can generate a new QR for enrollment.
The default DCP json from Microsoft is here: https://docs.microsoft.com/en-us/intune/android-dedicated-devices-fully-managed-enroll#enroll-by-using-google-zero-touch
And you'll need to add the following line to the JSON:
Please note how a JSON is formatted, so you need to remember to add a comma before or after the line, and make sure that all curly brackets match. But short of that, it works like a charm, we've been using it for a couple of months now.
Richard Cleasby commented
Not having the Camera system app in Android Enterprise stops us rolling this out
Definitely a feature that is needed! Whatever the issues between Microsoft and Google on this one they need to get over it and deliver a solution.. it can't just be us that this is holding back from deploying Intune MDM for Android.
It's disappointing to me that, not only is this not available, when contacting Microsoft for Support they blame this on google and try to tell you that no other MDM provider can do this.
James Read commented
This is a much needed feature. We can't move forward with Android for Work without it.
Every other MDM solutions has this feature like AW And Mobileiron
Before moving to Intune, we used Maas360 which had this feature. It is extremely helpful, as it allows us to roll out devices to users, without them needing to sign up with a google account. Should the colleague then leave the organisation, we wouldn't have to ask them to leave their password with us.
However, i am disappointing to see that this feature isn't available in Microsoft Intune. Because most apps search for a default system app, like the camera, even when you install a thrid party google play app, it doesn't work, or causes system crashes!
It's also disappointing to see that this feature is available on apple devices, but not android.
This is critical where OEMs do not enable all the required system apps by default in the work profile.
Samsung as an example does not always enable their Calendar app.
A simple way to white list the system apps in the work profile is necessary as mostly these apps are not on the Play Store