Configure Corporate-owned dedicated device with Intune (part 2/3)

In the previous part we’ve configured the framework for a Multi-Kiosk dedicated device. The device is configured with a Home Screen and two apps are displayed on the Home Screen. Now we are going to configure the apps we’ve deployed to the device. You can do this by using App configuration policies.



App Configuration policies

Using App configuration policies you can pre-configure settings and permissions for Applications. This way the end-user don’t need to take action to approve a permission are configure a setting. This prevents issues and makes it easier for the end user to work with the device. An example of a permission is the notification to “Allow Managed Home Screen to access the location” of the device when you first start the dedicated device. Notifications like these can be avoided by assigning permissions in advance using an App configuration profile.

Permission pop-up

You can see in the play store what permissions an application needs. Go to the product page of the Managed Home Screen. Scroll to Additional information and press “View details” under permissions.


Configure App configuration policy

To prevent the notification to “Allow Managed Home Screen to access the location” we will configure an App configuration policy for the Managed Home Screen. The location of the device can be used in MEM admin center to Locate the device.


1. Select “Apps” -> “App configuration policies”. In the App Configuration policies blade press “+ Add” and select “Managed devices” to create an new app configuration policy.


2. Enter a Name: (1), Select the “Platform”: “Android Enterprise (2), select the “Profile Type”: “Fully Managed….” (3) and the “Targeted app”: “Managed Home Screen” (4). Press “Next” to continue.


3. Press “+Add” (1) and select the permission you want to add. In this example I will only add the Location Access permissions (2), but you can also add the other permissions the Home Screen may request. Press “OK” (3) to finish.


4. Change the “Permission state” for the Location access from “prompt” to “Auto grant”. This way the permissions are granted without sending a notification to the user.


5. Using the Configuration Settings (1) you can add (2) some additional settings (3) which are not (yet) available in the device restrictions used to configure. Be careful not to configure settings in both the device restrictions and the app configuration policy. This can cause problems.


6. Press “Next” to continue.


7. Assign the app configuration policy to either a “group” or to “all devices” depending on your configuration requirements. You may want to consider assigning to “all devices” if your corporate owned Android Enterprise devices will all use the same app configuration. This will creating multiple app configurations and processing time if you’re using dynamic AAD groups.


8. Review the settings and press “Create” to finish configuration.


What’s next?

Now the permissions for the Managed Home Screen app are configured. You should repeat this process for all other published apps and then retest the rollout to see if there are any issues missing or need to be adjusted. At the moment, the time is still displayed as a 12-hour clock.

In the next final part, we are going to change the time display to 24 hours by using an OEMConfig profile.







Leave a Reply

Your email address will not be published. Required fields are marked *