With Android Enterprise Device Owner enrollments, have you ever wondered where all the system apps go when enrolling with Android Enterprise Device Owner? Well they’re there, however they’re not whitelisted and only apps whitelisted by your admin are available (depending on the device OEM, there may be some system apps that are automatically whitelisted, e.g. phone dialer app).
The good news is with the Intune 1909 release, system apps may be whitelisted as well! An example of a system app is the dialer or some OEM specific app such as a battery monitoring app or barcode scanner app.
To bring back System Apps individually, you’ll need to know the package ID. For example, on my Zebra device I’d like to whitelist the battery manager app and the desktop clock. The package IDs for those are: com.symbol.batterymanager and com.android.deskclock
System apps may be whitelisted and assigned by navigating to the Intune admin portal, selecting Client apps > Add > App type = Android Enterprise system app
Provide a Name, publisher and package name and save.
Under Assignments, assign the app to the device group where the device lives. In my case I use a dynamic Azure AD group to assign Zebra devices that are enrolled as Device Owner Dedicated (aka kiosk).
If you’re utilizing the Managed Home Screen, for the app populate so user can launch it you’ll also need to publish the app to the Managed Home Screen profile under device configuration as shown below.
Search for the app name, e.g. battery, and add it.
Policy sync should only take a few seconds and on the device the battery manager is whitelisted and is available for users to access from the Managed Home Screen.
That’s it, it’s that simple. Again, system apps can be whitelisted now using Intune.
Additionally, Line of Business (LOB) apps and Web app links may also be published right from the console.
To learn more about managing Android devices with Intune by visiting: https://docs.microsoft.com/en-us/intune/