Hi all
According to my information, there is currently no way to have the "special permissions" (device admin, draw over other apps, access to notifications etc.) granted to the SOTI agent automatically after enrolling a device. So after enrolling, the user must manually grant the SOTI agent these special permissions.
Is this correct so far or am I missing something?
Assuming the above is correct, I want to implement the following enrollment process:
- the device is enrolled in SOTI and is placed in a staging group
- this group contains a profile that installs various required apps from Managed Google Play and sends a message to the device asking the user to grant the SOTI agent all requested (special) permissions.
- as soon as the special permissions were granted by the user, I want to relocate the device to a different group.
And this brings me to you: can anyone tell me how I can detect if the special permissions were granted to the SOTI agent? Either by running a script on the device or by any other (easier) means?
I was playing around with compliance policies and trying to figure out a way to detect if the special permissions were granted (so I'd flag the device as non-compliant as long as the permissions were not granted) but I couldn't find a way to do this.
I assume I need a script that runs on the device to check if the permissions were granted and then writes this information to an INI-file that I can then use as a custom data to check and move the device accordingly.
But I have no idea how to write a script that checks these permissions. Does anyone know? (Once I know how to determine if the permissions were granted via script, I think I'll be able to figure out how to write this output to an INI-file and then use it as a custom data - it's just the actual check of the permissions that is causing me issues.)
Is that the best way to reach this goal? Or are there other options that you'd recommend?
Thanks in advance!
- Jake
