Hi,
I've tried the procedure aerosola, but no success here.
I've learned my org uses "Play Integrity API" to ensure it is a Google verified installed OS.
https://developer.android.com/google/play/integrity/overview
Not sure if there is away around that.
Nope it means they expect a certified Google OS... No way around that.
burningfeelings
My company checks for the company portal even though using PWA. I cannot log into Teams or Outlook through the browser. How did you get around that?
I didn't, I can use PWA without company portal... thing is it becomes a hassle pretty quickly due to logout...
Tried your walkthrough, got to the end of it but still when launching an app through work profile on shelter it complains is not on the work profile because company portal didn't create it...
When you try to create the work profile through the company portal it expects to add play store and google services and because of its absence it fails...
So yeah no easy way out, pwa, 2nd phone or you byte the bullet and eat stock android.
burningfeelings
I probably go for the option with a second old stock android phone without SIM (shared WiFi) from GOS phone and only used when needed to participate in meetings or check email when I have limited access to computer.
I managed to make Outlook+Teams working with the mandatory InTunes app and more or less the same setup as explained using Shelter and work profile but on LineageOS with gApp.
How high are the chances that it will work if I migrate to GrapheneOS and replicate the same?
Company might pay for the phone so I must be sure it Outlook and Teams works otherwise I willbe forced to use the Pixel with stock or with LineageOS (would be a bummer).
TrustExecutor frankly, I am surprised by the number of users in this thread whose employers expect them to use their personal phones for corporate email.
In my opinion (and experience), it is the employer's responsibility to provide end users with corporate devices. There should be a clearer separation between home and office.
mythodical
I get a corporate phone if I want to, but it is neat to have two SIMs in the same phone not to carry around two phones. Before I could separate everything with a separate user profile but now the company set up new policy to make usage of a work profile app mandatory. I think this is the most common explanation for why people want to use their private phone for work, not that the company demand it.
I really did want my work apps not on a separate phone but I gave up on this and just asked for a company phone.
memberberryfarms That's the only way since GrapheneOS devs are not keen to enter into the enterprise app support which is a kind of a contradiction since GrapheneOS per it's nature should aim enterprise users... or at the very least is my opinion on the subject.
Having personal and work profiles would be ideal but unfortunately not possible (for the majority) as things stand.
burningfeelings GrapheneOS devs are not keen to enter into the enterprise app support
GrapheneOS developers have never said this, please do not make assumptions. There are zero plans to intentionally remove or block enterprise usage. GrapheneOS is permissively licenced to specifically allow our patches and contributions to be upstreamed, enterprise/corporate usage, etc.
There are various issues on the issue tracker offering support for MDM usage, including Intune, and I even created a patch to support installing sandboxed Google Play in an MDM-provided work profile, such as VMware Intelligent Hub (Airwatch) using Apps (provided global app installation is not disabled), in situations where you can't add your own apps to the work profile: https://github.com/GrapheneOS/platform_frameworks_base/commit/3613c0860815c998d924f09fe5f8bdb1e1a6177f
GrapheneOS has not intentionally stripped out any kind of support for MDM, Intune, work profiles, etc. Most of these things simply rely on privileged Google Play being integrated into the OS which GrapheneOS has removed for obvious reasons.
randomchar42 As @burningfeelings said - no way around that. It's the same restriction that is enforced for the Google Pay app. Depending on your influence in the company, you may try to change the policy - but that really depends on what kind of company you work at...
burningfeelings Not sure I follow your response. You shouldn't create the work profile via the company portal. You create the work profile using Shelter, you copy the company portal app from your main profile to your work profile (you can also install it using aurora directly into your work profile). You install apps like Google Play + services + framework - as they are always requried using GrapheneOS apps. Only then, you start the company portal app from your work profile.
aerosola That's what I did but even so with the portal not fully initialized the apps that are normally available will not proceed, behave like you are on your main profile.
r3g_5z I read on one of the dev's replies (unfortunately did a quick search and couldn't find it - if I came across of that reply again will post it here) that supporting enterprise software was not a priority hence why what I wrote.
r3g_5z GrapheneOS developers have never said this, please do not make assumptions.
Here Daniel mention:
This isn't planned since we don't see the work profile feature as having much of a place in GrapheneOS over the long term. It's not meant for how people are using it. We're focused on user profiles.
In other words we are not very keen to put time and effort on work profiles / enterprise software that are for remote management since our focus is on user profiles. In my view GrapheneOS is all about enterprise user since it's my perception the majority using it are nerds... not the common user.
burningfeelings From your quote:
It's not meant for how people are using it.
What that means is that people will often user the work profile with apps like Insular or Shelter to try and isolate their apps to a different profile. For that use case, user profiles are indeed the way to go.
The way you are supposed to use work profiles is for enterprise etc. I don't believe that GrapheneOS intends to neglect the proper usage of work profiles.
matchboxbananasynergy I don't believe that GrapheneOS intends to neglect the proper usage of work profiles.
Hope you are right. Its the only thing I'm missing for a full switch.
