Allow LOB apps on devices managed in Android Kiosk Devices (COSU)
When a device is configured with Android Enterprise and the Microsoft Managed Home Screen in kiosk mode (as per here https://docs.microsoft.com/en-us/intune/android-kiosk-enroll), it is not possible to deploy LOB apps to these devices. If apps are sideloaded manually, they're automatically deleted by the device policy.
Being able to deploy LOB apps (or creating a whitelist) for Android Kiosk devices would allow Android Kiosk mode to be used to its full potential.
I was talking with our Android team about this one. They said “This is already supported. However LOB apps must be deployed by either uploading through the Google Play iFrame in Intune or using a dev account for Google Play.”
Does that satisfy the spirit of the request?
Davide Gatti commented
i installed my LOB app from APK on the device memory.
Device is dedicated device (Kiosk) and i added my LOB app as Android Enterprise system app and the app not deleted by policy. I forced sync many times.
I don't know how long this porkaround :-) will work.
This does not satisfy our request at all.
The ability to deploy apps directly to our managed devices will greatly improve the experience. The company has lots of in house apps and every time we need to deploy is a brain ache, couse the play console has lots restrictions and its dificulto to work. Can you help us with this? Is there a policy to solve the LOB install on android Corporate-owned dedicated devices?
Adriaan Couchez commented
@Cathy , this does not satisfy the request at all.
The ability to upload applications and distribute them to the android kiosk/managed devices is an absolute must. It is a feature that you could use with the old Intune app and android device. You just had to upload the apk to intune and distrute it to your devices. I don't see why this is not an option for managed devices.. This is the reason why we moved to another vendor because all of the other vendors have this option, every single one of them except for intune. The 2 options you stated are not solutions at all and they are just there to claim to provide support for line of business apps but in reality make it impossible to use them. I have also contacted microsoft support and they blamed it on "google" . Which is just ridiculous and shows the lack of care and knowledge about the android platform.
This is ridiculous. We have been supplied with an .apk file by a company whose app we are using. This is so that we distribute a known and tested version of the app rather than let users pull down which ever version is currently on the store. We don't use IFrame or have a dev account, because we are not developers. Because of this silly restriction, we can't totally manage our android devices. Our previous MDM allowed this (we are wishing we had stayed with it). I have raised two calls with Microsoft over this but got no where except for Microsoft to blame Google. This is causing us such issues that we have actually raised the idea of abandoning Intune after barely a year of use.
Cathy, this does not satisfy the request at all as it brings us right back to the start. The desire is to have direct installation of LoB applications delivered from Intune to the devices and installed without having to involve Managed Play for that distribution.
Bo S. Nielsen commented
The limitation with the private apps in managed Google Play store is that it must have a unique package id. Thus it fine if you develop your own private app but if you share an app with other for instance com.symbol.enterprisehomescreen then it won’t work. Also, most of these enterprise apps which are distributed as apk files also have a config file which needs to be distributed to the device. I understand that from Google perspective all apps should be move to Google Play and configs should be manage configs but that just not how it works right now. Would be really appreciated if Intune would support this kind of app / config deployment.
Google iFrame cannot be only option. We need to have the ability to custom upload apps and sideload them onto Company owned devices (Android Enterprise)
Shaun Ord commented
I have clients that have apps that either don't adhere to google play's policies, or have been previously banned from the Google Play store. Unfortunately the differences between the US' stringent policies in areas that are legal elsewhere make installation of apps from other sources important, like from Intune for device administered android devices currently. We use this currently for business clients as this cannot be done via Android enterprise.
Is this still a missing feature? I wish dedicated device manufacturers like Zebra and Honeywell wouldnt claim that Intune is supported when basic functionality like direct LoB apk installation is not supported. Requiring Managed Play for app distribution is not a viable alternative.
This feature is still lacking.
Several other 3rd party MDM providers allow apk sideloading via dedicated or device owner management.
Microsoft Intune is forced to use Private Google Play store, but not all app providers support it.
iFrame doesn't work for apps that are not allowed in the google play store or have already had the package name suspended. It would be helpful if a sideloading method was available to store the apk elsewhere, but install via google play? Or use company portal to inject apps? I'm not sure, but google's policies are a barrier to using the manage google play store. Outside of the richer configuration set, the device admin enrollment method is working great for our purposes, though we know we will lose the ability to enroll and push apps to our tablets post Android 10.
When will the other opions be available in the Managed playstore iframe
Dominique Ruest commented
Updates of managed google play kiosk app aren't getting deployed to devices running the kiosk app which is very problematic. Allowing LOB apps to run in kiosk mode would fix this issue. Or am I missing something to get a private managed google play app updates deployed to my devices currently running the app in kiosk mode?
This needs to be implemented. Now.
We have devices going out unmanaged due to this....
Scott Peters commented
Please add the new iFrame features https://developers.google.com/android/work/play/emm-api/managed-play-iframe
Jan-Tore Steen Olsen commented
I took this function for granted when setting up some of our devices, however quickly noticed it never getting deployed. Even worse, when we went and manually sideloaded the apps it automatically decides to uninstall them. How is not even being able to whitelist sideloaded apps a thing? What's the point of having Kiosk modes if it doesn't even have these functions.
This is a must, Given that Android Q will not allow for the Company Portal Enrollment method, so All Intune Enrollment after Q can only be Android Enterprise. We must have the ability to install our own LOB apps, regardless of if they are in the Google Store or not.
Richard Barr commented
Seams crazy not to be able to setup a Kiosk with a LOB app.
I was shocked to find out that Intune doesnt support direct installation of LOB apps and only supports Managed Google Play distribution. We might as well just use Google's free sample management suite with the sample DPC as the base AE management APIs are all Intune seems to support anyway. It's even more shocking to find out that Intune's DPC then removes LOB apps that are installed using alternative means! Completely worthless for COSU deployments of AEDO devices until we can get LOB apps and file delivery.
We have a LOB Kiosk app for our client that we are unable to publish in the google console due to perceived conflicts with googles policies. Being able to push apps to an android enterprise device outside of google play would be extremely helpful in providing us the management tools of android enterprise with the use of our critical LOB apps. Company portal perhaps?