Let’s discuss Intune to Discontinue Support for Custom Profiles on Personally Owned Work Profile Android Devices. Starting April 1, 2025, Microsoft will no longer support custom profiles using Android Enterprise on personally owned work profile devices.
This change only affects custom profiles for personal work profile devices in Android Enterprise and not for Android device administrator devices.
Custom profiles are challenging to set up, troubleshoot, and monitor. Additionally, they do not provide any significant advantages, as similar settings are now available in the Microsoft Intune admin center.
Microsoft Intune previously introduced custom configuration profiles for personally owned Android Enterprise work profile devices, allowing Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings. All these settings can now be configured through other policy types, except for Basic Wi-Fi profiles with a pre-shared key, which will be available in early 2025.
Table of Contents
Intune to Discontinue Support for Custom Profiles on Personally Owned Work Profile Android Devices
After Intune stops supporting custom profiles for personal work profile devices in April 2025, admins can not create new custom profiles for personally owned work profile devices. But they can still edit existing ones. Devices with assigned custom profiles will not see current functionality changes. However, these profiles may change in the future because they are no longer supported. Intune technical support will not assist with custom profiles for these devices.
- Free Intune Training 2024 For Device Management Admins
- Download 37 Page Best Intune Migration Document from Microsoft
- Free Entra Training Videos | Start Learning Entra ID Azure AD
Get ready for the Transformation
To plan for the upcoming change, follow the steps given below and check if you have custom profiles for your personally owned work profile devices. Then, learn how to set up alternative policy types.
- Open Microsoft Intune Admin Center
- Identify the custom policies in use in your tenant
- Select Devices > Android > Configuration.
After selecting configuration, filter the Platform column to display only Android Enterprise policies. Check the Policy Type column for any policies labelled as Custom. If you don’t find any, no further action is needed.
- Create policies with the same settings. Use the tables below to see how the settings map.
- Assign the new policies to the same groups assigned to the custom profiles.
- Remove all groups from the custom profiles.
- Verify that the device works correctly and that the new profile settings fully replace the old custom profiles.
- Delete the custom profiles.
Custom Setting Alternatives
The following sections show which custom settings to replace with better options. They include Wi-Fi settings, Work Profile Settings and VPN settings. Use these alternatives to improve your work experience and performance.
Wi-Fi settings
Wi-Fi is a wireless network that allows mobile devices to connect to the internet. Microsoft Intune offers Wi-Fi settings that you can apply to users and devices in your organization through a profile. Once assigned, users can access your organization’s Wi-Fi network without setup.
| Custom setting | Alternative configuration |
|---|---|
| ./Vendor/MSFT/WiFi/Profile/<SSID>/Settings | Create a Wi-Fi policy for personally owned work profile devices with your chosen Wi-Fi configurations. Here, you will also be able to configure Wi-Fi with a shared key when it becomes available. |
| /Vender/MSFT/WiFi/<SSID>/Settings | |
| ./Vendor/MSFT/DefenderATP/Vpn | Set up an app configuration policy for your managed devices, focusing on Microsoft Defender: Antivirus, and get the VPN settings sorted out. |
VPN settings
A Virtual Private Network (VPN) lets users securely connect to your organization’s network remotely. Devices use a VPN connection profile to connect to the VPN server. Microsoft Intune manages these profiles and assigns settings to users and devices to ensure easy and safe access to the network.
| Custom Setting | Alternative Configuration |
|---|---|
| ./Vendor/MSFT/VPN/Profile/<vpn name>/PackageList | Create VPN profiles for work devices that you own personally using your preferred VPN settings. |
| ./Vendor/MSFT/VPN/Profile/<vpn name>/Mode | |
| ./Vendor/MSFT/DefenderATP/AntiPhishing | Create an app configuration policy for managed devices and set the Targeted app to Microsoft Defender: Antivirus. Then, configure Hide app details in the report and Hide app details for a personal profile. |
| ./Vendor/MSFT/DefenderATP/DefenderExcludeAppInReport | Create an app configuration policy for managed devices and set the Targeted app to Microsoft Defender: Antivirus. Then, configure Enable TVM Privacy and Enable TVM Privacy for a personal profile. |
| ./Vendor/MSFT/DefenderATP/DefenderTVMPrivacyMode | Create an app configuration policy for managed devices and set the Targeted app to Microsoft Defender: Antivirus. Then, configure Hide app details in the report and Hide app details for a personal profile. |
| /Vendor/MSFT/DefenderATP/Vpn | Create an app configuration policy for managed devices, set the Targeted app to Microsoft Defender: Antivirus, and then configure Enable TVM Privacy for a personal profile. |
Work Profile Settings
These settings apply to Android devices that people own personally but use for work (BYOD). They also apply to the password for the work profile on these devices. The following table shows the custom settings and Alternative Configurations.
| Custom Setting | Alternative Configuration |
|---|---|
| ./Device/Vendor/MSFT/Container/DisableRedactedNotifications | Create a device restrictions policy > Work profile settings > General Settings > Set Work profile notifications while the device is locked to Block |
| ./Device/Vendor/MSFT/WorkProfile/CustomGmsWorkProfileDomainAllowList | Create a device restrictions policy > Work profile settings > General Settings > Add and remove accounts, set to Allow all accounts types and configure Google domain allow-list |
| ./Device/Vendor/MSFT/WorkProfile/WorkProfileAllowWidgets | Create a device restrictions policy > Work profile settings > General Settings > Allow widgets from work profile apps |
| ./Microsoft/MSFT/WorkProfile/DisallowCrossProfileCopyPaste | Create a device restrictions policy > Work profile settings > General Settings > Copy and paste between work and personal profiles |
| ./Vendor/MSFT/Policy/Config/DeviceLock/MaxInactivityTimeDeviceLock | Create a device restrictions policy > Password > Maximum minutes of inactivity until work profile locks |
| ./Vendor/MSFT/WorkProfile/DisallowModifyAccounts | Create a device restrictions policy > Work profile settings > General Settings > set Add and remove accounts to Block all account types. |
| ./Vendor/MSFT/WorkProfile/Applications/<package>/PermissionActions | Create an app configuration policy for Managed devices > Permissions > Add |
| ./Device/Vendor/MSFT/WorkProfile/WorkProfileEnableSystemApplications | Follow the steps to Manage system apps |
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.