Been using GrapheneOS for several years on my personal phones. With the deployment of AI within the newest iOS for iPhones and Gemini on the newest Google Pixels, many do not want to have AI in a corporate environment.
For the last several months I have been working on a GrapheneOS on Pixel 9 Pro that works within a corporate environment and is controlled using the Microsoft Intune product. So far, here are the results.
Corporate portal app (company MS Intune software) is required to be installed in order for Outlook, Teams and the MS Authenticator to work. The corporate root cert must be installed.*
- This did not happen automatically and must be installed manually. Download the cert and add it to the cert store on the Pixel - seems to cause more issues later.***
Outlook app is installed - No Google Play required and worked perfectly.
Teams app is installed - No Google Play required and worked perfectly.
MS Authenticator (required for MFA at the corporate level) - DID NOT work without Google Play.
- Installed Google Play, then MS Authenticator works.
- Uninstalled Google Play after MS Authenticator was working and MS Authenticator stopped working.
Conclusion after multiple tests - Google Play must be installed for this one app to work. Google Play is sandboxed. All apps under the umbrella of corporate portal are working.
**** MFA configuration settings are updated every 7 days on company phones. On the 7th day I receive a warning banner that I need to install the company root cert on the phone:
"Choose Certificate - The App Company portal has requested a certificate. Choosing a certificate will let app use this identity with servers now and in the future."
- I install the root cert manually by clicking the install button... I think the phone permissions are stopping this from automatically installing.
Q: Any idea as to which setting this might be?
Once the cert is installed the company portal app needs me to sign in again and then to at least one other MS app for all to start working normally.
Minus this one issue with the root cert not installing I think this is a viable solution for a company-controlled device with no AI.