Why is one of my devices getting nonComplianceReason: MANAGEMENT_MODE? - android-management-api

I have a bunch of company owned devices with a few apps on them. They are all set up the same.
What is the MANAGEMENT_MODE issue and is it tied to the policyEnforcementRules?
From Google's documentation on MANAGEMENT_MODE, it means "The management mode (profile owner, device owner, etc.) doesn't support the setting."
Device listing reporting:
"nonComplianceDetails": [
{
"nonComplianceReason": "MANAGEMENT_MODE",
"settingName": "applications"
}
],
"ownership": "COMPANY_OWNED",
Relevant policy section:
"policyEnforcementRules": [{
"blockAction": {
"blockAfterDays": 15
},
"wipeAction": {
"wipeAfterDays": 30,
"preserveFrp": True
},
"settingName": "applications"
}],
Why am I getting this non-compliance?
EDIT: Adding screenshot from one of the phones today and the cryptic message the user's are getting (changed the blockAfterDays to 299)
EDIT2:
Adding applications section of policy. The only one that I think is odd is the Google Fi app (com.google.android.apps.tycho) which comes factory installed on some of the Pixel phones and can't be uninstalled. The phones have data only SIMs, some of which are from Google Fi. The app has to be disabled for these SIMs to work correctly - but on non-Pixel phones the app isn't usually installed. There unfortunately isn't a way I know of to both block install of an app and disable it when it can't be uninstalled.
"applications": [
{
"packageName": "OURPRIVATEPACKAGE",
"installType": "FORCE_INSTALLED",
"defaultPermissionPolicy": "GRANT",
"minimumVersionCode": APPVERSION,
},
{
"packageName": "com.google.android.apps.tycho",
"disabled": True
},
{
"packageName": "com.android.vending",
"installType": "FORCE_INSTALLED"
},
{
"packageName": "com.android.settings",
"installType": "FORCE_INSTALLED"
},
{
"packageName": "com.android.chrome",
"installType": "FORCE_INSTALLED",
"managed_configuration": {
"URLBlacklist": ["*"],
"URLWhitelist": ["WEBSITE1", "WEBSITE2", "WEBSITEN"],
'ForceGoogleSafeSearch': True,
'NTPContentSuggestionsEnabled': False,
},
"defaultPermissionPolicy": "GRANT"
},
{
"packageName": "com.google.enterprise.webapp.OURPRIVATEWEBAPP",
"installType": "FORCE_INSTALLED",
"defaultPermissionPolicy": "GRANT"
}
],

Related

Manifest parsing error when trying to test app in Teams

From https://dev.teams.microsoft.com/, whenever I click "Preview in Teams", it shows an error in Teams with these details copied to the clipboard: "Error while reading manifest.json". If I download the app package and "upload a custom app" I get the same error. What can I do to resolve this? If I remove the messaging extension configuration, it works but I configured that part in their app and that's what I want to build.
This is my manifest file:
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.11/MicrosoftTeams.schema.json",
"version": "1.0.0",
"manifestVersion": "1.11",
"id": "3fXXXX",
"packageName": "com.package.name",
"name": {
"short": "Domo Integration",
"full": ""
},
"developer": {
"name": "Domo Inc.",
"mpnId": "",
"websiteUrl": "https://www.domo.com",
"privacyUrl": "https://www.domo.com/company/privacy-policy",
"termsOfUseUrl": "https://www.domo.com/company/service-terms"
},
"description": {
"short": "short",
"full": "full"
},
"icons": {
"outline": "outline.png",
"color": "color.png"
},
"accentColor": "#FFFFFF",
"composeExtensions": [
{
"botId": "deXXXXXXXX",
"commands": [],
"canUpdateConfiguration": true,
"messageHandlers": [
{
"type": "link",
"value": {
"domains": [
"*.domo.com"
]
}
}
]
}
],
"validDomains": [
"*.domo.com"
]
}
#ccnokes In order to use messaging extension in your bot, you need to provide at least one command. commands is required property in composeExtension - see doc.
I was also getting the same error when tried with your manifest but after adding commands it worked totally fine.

Microsoft Teams Connector error "ngClickDecorator: value not found in enum type. value:"

I'm currently seeing this error when I try and save my connector configuration:
21T21:05:12.087Z ngClickDecorator: value not found in enum type. value:
and
21T21:05:12.155Z Received error from connectors {"seq":1611247472155,"timestamp":1611263112143,"flightSettings": {"Name":"ConnectorFrontEndSettings","AriaSDKToken":"d127f72a3abd41c9b9dd94faca947689-d58285e6-3a68-4cab-a458-37b9d9761d35-7033","SPAEnabled":true,"ClassificationFilterEnabled":true,
"ClientRoutingEnabled":true,"EnableYammerGroupOption":true,
"EnableFadeMessage":false,"EnableDomainBasedOwaConnectorList":false,
"EnableDomainBasedTeamsConnectorList":false,"DevPortalSPAEnabled":true,
"ShowHomeNavigationButtonOnConfigurationPage":false,"DisableConnectToO365InlineDeleteFeedbackPage":true},"status":500,"clientType":"SkypeSpaces",
"connectorType":"c6adb316-46b2-4e46-a511-8b4947b3d554","name":"handleMessageError"}
And the SO post: Can't save custom connector configuration is very close to my problem however I have added my configurationURL to my valid domains, and removed mine from the manifest but with still no luck. I'm all set up on my permissions as well unless there is something specific I am missing to configure?
Any suggestions, below is my manifest and code:
Manifest:
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.8/MicrosoftTeams.schema.json",
"manifestVersion": "1.8",
"version": "1.0.3",
"showLoadingIndicator": true,
"isFullScreen": true,
"id": "c6adb316-46b2-4e46-a511-8b4947b3d554",
"packageName": "com.test",
"developer": {
"name": "Test, Inc",
"websiteUrl": "https://test.com",
"privacyUrl": "https://test.com/privacy",
"termsOfUseUrl": "https://test.com/toc"
},
"icons": {
"color": "color.png",
"outline": "outline.png"
},
"connectors": [
{
"connectorId": "c6adb316-46b2-4e46-a511-8b4947b3d554",
"scopes": [
"team"
],
"configurationUrl": "https://localdev-test.test.com/connector"
}
],
"name": {
"short": "Test Development",
"full": "Test for Microsoft Teams"
},
"description": {
"short": "Test Development",
"full": "Test for Microsoft Teams"
},
"accentColor": "#FFFFFF",
"staticTabs": [
{
"entityId": "22f101b6-f9a2-44d3-8eba-74309295f398",
"scopes": [
"personal"
],
"context":[
"personalTab",
"channelTab"
],
"name": "TestSite",
"contentUrl": "https://localdev-test.test.com",
"websiteUrl": "https://localdev-test.test.com",
"searchUrl": "https://localdev-test.test.com"
}
],
"devicePermissions": [
"notifications",
"openExternal"
],
"permissions": [
"identity",
"messageTeamMembers"
]
}
Code:
ngOnInit(): void {
microsoftTeams.initialize();
microsoftTeams.settings.registerOnSaveHandler((saveEvent) => {
microsoftTeams.settings.setSettings({
entityId: 'Create',
contentUrl: 'https://localdev-test.test.com/connector',
removeUrl: 'https://localdev-test.test.com/connector',
configName: 'Create'
});
microsoftTeams.settings.getSettings((settings) => {
this.webhookUrl = settings.webhookUrl;
localStorage.setItem('connectorWebHook', this.webhookUrl);
});
saveEvent.notifySuccess();
});
}
onClick(): void {
if (!this.webhookUrl) {
microsoftTeams.settings.setValidityState(true);
}
}
This is a Microsoft Bug, the "Configuration page for your Connector" on the Connector Portal is immutable (even though it is in an edit field). Meaning that the URL you set on the creation of the Connector can not change through development or you will get this error. So just making a new connector through the portal with my changed configuration URL fixed my problem.
A comment on their git points to this as well: https://github.com/MicrosoftDocs/msteams-docs/issues/1738#issuecomment-647675420

Can't add work file to a Company-owned devices for work and personal use

I've created a token with this policy:
{
"name": "enterprises/LC0261d9zr/policies/CompanyOwnedWorkProfilePolicy1",
"version": "1",
"applications": [
{
"packageName": "com.google.android.gm",
"installType": "FORCE_INSTALLED",
"defaultPermissionPolicy": "GRANT"
},
{
"packageName": "com.google.android.apps.docs",
"installType": "AVAILABLE"
}
],
"passwordRequirements": {
"passwordMinimumLength": 6,
"passwordQuality": "ALPHABETIC"
},
"usbFileTransferDisabled": true,
"bluetoothDisabled": true,
"personalUsagePolicies": {
"cameraDisabled": true,
"screenCaptureDisabled": true,
"maxDaysWithWorkOff": 3,
"personalPlayStoreMode": "BLACKLIST"
}
},
and set "allowPersonalUsage": "PERSONAL_USAGE_ALLOWED",
I got enrollment token successfully, and use DPC indentifier to register a device.
But at last, the device shows :
Can't add work profile : A work profile can't be added to this device.If you have questions,contact your admin.
Can someone tell me what's the problem?
Thanks in advance.
PS: I've successfully set the device as Company-owned devices for work use only.
After factory-reset, and I wanna set the device to Company-owned devices for work and personal use,I met this problem.
My phone's system is 8.0
I've also tried to use another enrollment token with policy below to set the device as Personally-owned devices,get the same result.
{
"name": "enterprises/LC0261d9zr/policies/PersonalyOwnedProfilePolicy1",
"version": "1",
"applications": [
{
"packageName": "com.google.android.gm",
"installType": "FORCE_INSTALLED",
"defaultPermissionPolicy": "GRANT"
},
{
"packageName": "com.google.android.apps.docs",
"installType": "AVAILABLE"
}
],
"passwordRequirements": {
"passwordMinimumLength": 6,
"passwordQuality": "ALPHABETIC"
}
}

Microsoft Teams Manifest isFullScreen doesn't work

I am using the yeomen generator to create a Microsoft Teams Application with NodeJS and React. https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/quickstarts/create-personal-tab-node-yeoman
I implemented the "isFullScreen" option into the Schema, but it just doesn't work. Here my Schema:
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.7/MicrosoftTeams.schema.json",
"manifestVersion": "1.7",
"packageName": "TeamsApp",
"id": "8af948a0-0fc1-409c-942a-9376fc2d7f46",
"version": "1.0.2",
"isFullScreen": true,
"showLoadingIndicator": true,
"developer": {
"name": "xxx GmbH",
"websiteUrl": "https://www.xxx.de",
"privacyUrl": "https://www.xxx.de/Datenschutz",
"termsOfUseUrl": "https://www.xxx.de",
"mpnId": "1512061"
},
"name": {
"short": "Teams App",
"full": "Teams App Tool "
},
"description": {
"short": "xxx",
"full": "xxx"
},
"icons": {
"outline": "icon-outline.png",
"color": "icon-color.png"
},
"accentColor": "#004578",
"staticTabs": [
{
"contentUrl": "https://xxx.ngrok.io/overviewTab",
"entityId": "TeamsApp",
"name": "Overview",
"scopes": ["personal"]
}
],
"validDomains": [
"*.eu.ngrok.io"
]
}
I Developed a Microsoft Teams App with SPfx before and there the option worked completely fine. I also tried using the App Studio Application where the "isFullScreen" option is displayed, but even there it does not do anything.
In a another Post from 3 Months ago they just said it should work now. isFullScreen manifest setting doesn't do anything
"isFullScreen" works only with LoB Store Apps.

Possible bug NOT_AVAILABLE_IN_COUNTRY

I am trying to enable policy via Android Management API.
{
"name": "enterprises/LC03hx99sc/policies/default",
"version": "2",
"applications": [
{
"packageName": "app.caredirect.caredirecthub2",
"installType": "KIOSK"
},
{
"packageName": "com.android.settings",
"installType": "FORCE_INSTALLED",
"defaultPermissionPolicy": "GRANT"
},
{
"packageName": "com.amazon.dee.app",
"installType": "FORCE_INSTALLED",
"defaultPermissionPolicy": "GRANT"
}
],
"systemUpdate": {
"type": "WINDOWED",
"startMinutes": 10,
"endMinutes": 1439
},
"debuggingFeaturesAllowed": true
}
The store listing says for app.caredirect.caredirecthub2 that it is available in EVERY country.
Despite this I get the following error:
{
"name": "enterprises/LC03hx99sc/devices/33ddb8137f60b585",
"managementMode": "DEVICE_OWNER",
"state": "ACTIVE",
"appliedState": "ACTIVE",
"nonComplianceDetails": [{
"settingName": "applications",
"nonComplianceReason": "APP_NOT_INSTALLED",
"packageName": "app.caredirect.caredirecthub2",
"installationFailureReason": "NOT_AVAILABLE_IN_COUNTRY"
}, {
"settingName": "persistentPreferredActivities",
"nonComplianceReason": "APP_NOT_INSTALLED",
"packageName": "app.caredirect.caredirecthub2"
}],
"enrollmentTime": "2020-09-23T15:02:52.290Z",
"lastStatusReportTime": "2020-09-23T15:02:57.915Z",
"lastPolicySyncTime": "2020-09-23T15:02:53.754Z",
"appliedPolicyVersion": "1",
"apiLevel": 28,
"softwareInfo": {
"androidVersion": "9",
"androidDevicePolicyVersionCode": 1317100,
"androidDevicePolicyVersionName": "13.17.10.v32",
"androidBuildNumber": "TB-X605F_S210208_200807_ROW",
"deviceKernelVersion": "3.18.120-perf-g1d02637-dirty",
"bootloaderVersion": "unknown",
"androidBuildTime": "2020-08-07T10:08:52Z",
"securityPatchLevel": "2020-08-01",
"primaryLanguageCode": "en-US",
"deviceBuildSignature": "1c41fedecacbe89b81c242ecf74929f7d57322b64f8179c1c78a390a3494f14a",
"systemUpdateInfo": {
"updateStatus": "UP_TO_DATE"
}
},
"hardwareInfo": {
"brand": "Lenovo",
"hardware": "qcom",
"manufacturer": "LENOVO",
"serialNumber": "HA0Y8JQX",
"model": "Lenovo TB-X605F"
},
"appliedPolicyName": "enterprises/LC03hx99sc/policies/default",
"memoryInfo": {
"totalRam": "1909563392",
"totalInternalStorage": "3121049600"
},
"userName": "enterprises/LC03hx99sc/users/106404730049843005283",
"enrollmentTokenName": "enterprises/LC03hx99sc/enrollmentTokens/1019LI5YbxD4MNgIOfRKRxxKtK4ZLzRBZTGlL0Tw5Ns",
"previousDeviceNames": ["enterprises/LC03hx99sc/devices/3832aa78af19d796", "enterprises/LC03hx99sc/devices/326e9eaec5f835db", "enterprises/LC03hx99sc/devices/3f22065004da99b8", "enterprises/LC03hx99sc/devices/3027d6b05179f8ac", "enterprises/LC03hx99sc/devices/3011e18ade8e09f3", "enterprises/LC03hx99sc/devices/36ea1951ef4e088f", "enterprises/LC03hx99sc/devices/30fb71bc476a4d1d", "enterprises/LC03hx99sc/devices/3695657a941cba4a"],
"securityPosture": {
"devicePosture": "SECURE"
},
"ownership": "COMPANY_OWNED"
}
What is causing NOT_AVAILABLE_IN_COUNTRY ?
This is preventing the whole kiosk setup from working.
thanks

Resources