Let’s check the Known Issue with Android 14 Management Settings. Google has flagged an issue with Android 14 managed with device restriction settings, where setting making some management policies permanent.
The identified issues in Android 14 make some management policies permanent on non-Samsung devices. This is a Known Issue, also confirmed by the Microsoft Intune support team, and the lists of affected policies were shared.
As per the latest report, the Team are investigating an issue making some management policies permanent on Android 14. This issue affects two sets of management policies, one set when upgrading from Android 13 to Android 14 and one set on every reboot of Android 14 devices.
Google is currently sharing patches with other device OEMs for these issues, which OEMs will integrate into their OS update images going forward. Device OEMs will determine if and how their devices will receive these fixes. When released, these OEM patches will prevent these issues in the future. The team is actively working to fix the issue.
Due to the severity of the issue, the Microsoft Intune team do not recommend updating non-Samsung devices to Android 14 at this time. On Android Enterprise devices, you can use Intune device restrictions policies to postpone system updates.
- Get Email Alerts For Windows Known Issue Status Change
- Microsoft Intune 2312 December Update New Features Improvements
Known Issues with Android Management Settings
If you are managing an Android device work profile running Android 13 with the device restriction settings in the management profile. When that device updates to Android 14, the applied settings will become permanently blocked, even if you later disable the setting in Intune.
Android 14 Management Settings Insights
Let’s check the details on known issues with some management settings becoming permanent on Android 14. Upon upgrading a device from Android 13 to Android 14, specific configurations become permanent. Furthermore, upon rebooting devices that have undergone the Android 14 upgrade, additional settings are established as permanent on the device.
When devices that have been upgraded to Android 14 are rebooted, certain settings are made permanent on the device. Devices that shipped with Android 14 will not be affected. This issue currently affects devices enrolled with personally-owned work profiles.
- Threat scan on apps
- Block apps from unknown sources
Google recently released a fix for this issue on fully managed, dedicated, and corporate-owned fully managed devices. Prior to this, some settings could also have become permanent on devices after rebooting. We’ll update this post with the list of affected settings soon.
The second issue is that when a device is upgraded from Android 13 to Android 14, certain settings are made permanent on the device. The Fully managed, Dedicated, Corporate-owned work profile and Personally-owned work profile enrollment types are affected by this issue.
The Fully managed, Dedicated and Corporate-owned work profile enrollment type settings are affected.
- Date and Time changes
- Roaming data services
- Wi-Fi access point configuration
- Bluetooth configuration
- Tethering and access to hotspots
- USB file transfer
- External media
- Beam data using NFC
- Developer settings
- Microphone adjustment
- Volume changes
- Factory reset
- USB storage
- System error warnings
- Copy and paste between work and personal profiles
- Add new users
- Users can configure credentials
- User removal
- Account changes
- Allow users to enable app installation from unknown sources in the personal profile
The Personally-owned work profile enrollment type device restrictions settings are affected. The Android device restriction profiles allow you to enforce security policies on both the device and the work profile, ensuring that corporate data is protected.
- Camera (set to ‘Block’)
- VPN (set to ‘Enabled’)
- Copy and paste between work and personal profile
- Prevent app installations from unknown sources in the personal profile
- Add or remove accounts (set to ‘Block all account types’)
- One lock for device and work profile
If your devices are already impacted and have policies that have been made permanent, the only available remediation to clear the affected policy behavior is to remove the work profile on personally-owned devices or factory reset on company-owned devices.
If you configured the settings, Threat scan on apps and Block apps from unknown sources cannot be cleared by removing the work profile. You must factory reset devices, It is recommended to back up personal data prior to a factory reset to help mitigate data loss.
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.