Mail program device admin rights in combination with Lockdown feature

Robin K.
PP 2OOO BUSINESS INTEGRATION AG

Hi everybody,

we have configured the lockdown policies for one of our device groups.
We also have a policy to configure the mail client on the devices with the pre-installed Samsung mail app.
This app needs device administrator privileges to be configured, but as soon as the lockdown policy is applied the user isn't able to grant the app the required rights.
Is there a way to configure the order in which the policies are applied or e.g. to grant the mail program device administrator rights via SOTI?

We want to use this mail program in combination with the Lockdown feature.


Regards

Robin

6 years ago
Android
ANSWERS
GPMOD@SOTI
6 years ago

Hello Robin,

Could you please let us know if the devices are enrolled as Android Plus or Android Enterprise?

We do not have scripting capabilities for Android Plus devices.

Thank you,

Robin K.
6 years ago

Hello,

these devices are enrolled as Android Plus.

Raymond Chan Diamond Contributor
6 years ago

There is no support for scripts to grant app permissions with the Android Plus device agent.

If you can start a remote session on your devices, you can grant permission remotely by making the required changes in the device's Settings within an RC session.

Robin K.
6 years ago

Configuring the mail client on each device manually does not seem to be a viable solution.

We would have to disable lockdown mode, configure the mail client and then enable lockdown mode again.

What would be your recommended solution?

Using a mail client that does not require device admin rights?

Specifying the order in which the profiles are applied would be a possible solution as lockdown and mail settings are configured in different profiles.

Is there such a feature?

Raymond Chan Diamond Contributor
6 years ago (edited 6 years ago)

Disabling/enabling lockdown mode, controlling the order in which profiles are applied, etc. are doable, though the complexity depends on how the devices are distributed or how many devices there are.

However, the major issue is who will be granting the administrator permission for the mail client in the device Settings if the devices are all already deployed to end-users. Can you clarify if you have any solution(s) for this? If not, your only option may be to use a mail client that doesn't need this permission-granting step.

How many devices do you have? Are they all already deployed to end-users? Do they all share the same policies (profiles, rules and advanced configuration)?