No Matches Found!
Try with a different search term
Hi,
I am trying to figure out why all application permissions are all greyed out and locked on an Android 9 device managed by mobi. It's work managed device. I pushed a feature control that basically has ALLOW EVERYTHING as a test but I still see them greyed out with a note saying that action is not allowed by Mobi:
what am I missing? Is this a default behaviour for work managed? can I allow the app permissions to be changed by the user?
NOTE: MobiControl Version 15.3.3
Thanks,
Though you have initiated a push of feature control policy to your test device, it is possible that the corresponding profile is not properly deployed on the device yet. Have you checked the status of your profile in the web console to confirm?
Also, on some device brands/models, the changes of SOME feature control options may not be visible until the device has been restarted.
Hi Raymond,
Yeah, I thought about that I had checked the profiles tab on the mobicontrol agent and it's there.
I also tried rebooting, still I cannot edit the permissions.
any other ideas to try or how to debug? what is the specific feature control option that controls this normally? maybe I can try to remove and re-add.
any script command to try to push to allow?
I am not sure this is a function of Feature Control but is more likely a function of Managed Applications on Fully Managed devices in Android Enterprise. When the app is approved for a Managed Organization the permissions are automatically granted and enforced by the IT administrator. The ability to modify the permission settings for an individual app is therefore not exposed to the end user because they are not the Device Owner, the organization is. I am not sure if the permissions behave differently in a Work Profile / Profile Managed / BYOD scenario, but my understanding is that for Work Managed the permissions are automatically granted by the administrator approving the app in the Managed Play console or iFrame and that end users do not have access to change those permissions.
Thanks Matt,
That makes sense. so Anything approved by the admin on the managed play console will have all permissions allowed. It does save some trouble for those apps.
What if the app was installed by the user (maybe APK)... should that allow users control then?
I am not entirely sure how that would affect user installed apps. On Work Managed devices the expectation would generally be that the end user would not be installing any apps onto the device manually as the device is fully managed by the organization. If there is a scenario for end users to manually install apps on your devices then Work Managed may not be the right management use case for you. You may want to investigate COPE as an alternative management strategy.
