g0mml It must've failed at some point in the process. Do 'Remove work profile' under the 'Settings' > 'Passwords, passkeys & accounts', uninstall Company Portal, reboot, and try again. I'd gone through probably 25 different attempts before I found the sequence that worked. I just posted some updated steps above.
Ttetto
- 15 hours ago
Success!
Shout out to @imperfect for his input! Thanks to that, my device now has Company Portal installed, work profile created, the device registered with Intune, and functioning work apps (Teams, etc). Most of the advice above and elsewhere online does not require the work profile or enrollment in Intune, which was my failure point.
Do this all from the owner profile. Do not use Shelter. Do not manually create a work profile. Do not create a separate Graphene user.
- Under the owner profile, install any apps you'll want to use in the work profile later on.
- Install Company Portal (Play Store, Aurora, etc)
- Before launching it, enable exploit protection and set it as a device admin app
- Now launch Company Portal and sign in
- 'Begin' company setup and 'Continue'
- "Setting up your work profile" transitions to a "Let's set up your work profile" screen. Tap 'Accept & Continue'; it'll work for a minute, then prompt you to tap 'Next'. WAIT! Do not tap 'Next' yet; leave that screen open.
- Install apps to the work profile via ADB
- I did not include gms items or android.vending as imperfect did since I install those differently below
pm install-existing --user 10 com.microsoft.office.outlook
etc. 10 was my work profile ID as identified by pm list users
- Go back to the Company Portal app you previously left open and tap 'Next'
- It spins indefinitely. You'll know it's gone as far as it will go when the Company Portal app disappears from your app drawer (because it was moved to the work profile)
- Go to Settings > Apps > All Apps > 'Work Profile' tab
- Select 'App Store' (Graphene) and the launch icon in the top right to launch it under the work profile
- 'Google Play Services' Install (includes GmsCompatConfig, and Google Play Store dependencies)
- Note that there appears to be a patch in the works for this Google Play requirement in the work profile: https://github.com/GrapheneOS/platform_frameworks_base/pull/147
- Reboot
- Go to Settings > Apps > All Apps > Work Profile tab, tap 'Company Portal', enable exploit mode, then the launch icon in the top right to launch it under the work profile
- Sign into company portal again.
- It initially hung on "Setting up your work profile" (red banner with company name up top), then eventually failed with something like "Unable to create work profile. Contact your company IT admin".
- Reboot
- Go to Settings > Apps > All Apps > Work Profile tab, tap 'Company Portal', then the launch icon in the top right to launch it under the work profile
- Sign into company portal again.
- Repeat. This time, the 'Create Work Profile' step was already checked. It immediately went to "registering" then "finishing setting up your work profile..." and completed!
I'm able to use apps (Teams, etc) that require the device be registered in Intune. The annoying part is that I can't launch them directly from the owner profile home screen or app drawer. You have to go to Settings > Apps > All Apps > 'Work Profile' tab and launch from there. I'll explore to see if I can create a shortcut for this or launching apps under the work profile.
I just achieved this about 10 minutes ago. We'll see what type of experience I have using work apps over the next week or so.
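The ADB step from the post above, as an added example that is not part of the original post: it finds the work profile ID from `pm list users` output instead of hard-coding 10, then runs `pm install-existing` for each package. It assumes an authorised adb connection and that flag bit 0x20 in the `UserInfo` entry marks a managed (work) profile, as in AOSP; the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the post. Constructed sample of `pm list users` output.
SAMPLE_USERS='Users:
    UserInfo{0:Owner:c13} running
    UserInfo{10:Work profile:1030} running'

# Print the ID of every user whose hex flags include 0x20
# (FLAG_MANAGED_PROFILE in AOSP's UserInfo), i.e. the work profile.
work_profile_ids() {
    printf '%s\n' "$1" | tr -d '\r' |
    sed -n 's/.*UserInfo{\([0-9][0-9]*\):.*:\([0-9a-fA-F][0-9a-fA-F]*\)}.*/\1 \2/p' |
    while read -r id flags; do
        if [ $(( 0x$flags & 0x20 )) -ne 0 ]; then
            printf '%s\n' "$id"
        fi
    done
}

# adb shell hands its arguments to a shell on the device, so accept only
# characters that can occur in a package name.
valid_pkg() {
    case $1 in
        ''|*[!A-Za-z0-9_.]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Enable packages already installed for the owner in the given user.
install_existing() {
    user_id=$1; shift
    for pkg in "$@"; do
        valid_pkg "$pkg" || { echo "rejected: $pkg" >&2; return 1; }
        adb shell pm install-existing --user "$user_id" "$pkg" || return 1
    done
}

# Only touches a device when the caller sets RUN_ADB=1.
if [ "${RUN_ADB:-0}" = 1 ]; then
    profile_id=$(work_profile_ids "$(adb shell pm list users)" | head -n 1)
    [ -n "$profile_id" ] || { echo "no work profile found" >&2; exit 1; }
    install_existing "$profile_id" com.microsoft.office.outlook
fi
```

Run it with `RUN_ADB=1` while Company Portal is still waiting on the 'Next' screen, which is the point where the post performs this step.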
imperfect Interesting! Keeping them up-to-date would become a PITA since you would have to remove Company Portal and the work profile each time you wanted to update a work profile app.
I had tried to load apps into the work profile using ADB, but that was after the work profile was fully created and MDM enrolled. I got 'access denied' for the work profile ID, which makes sense. And that was installing from a downloaded APK - I wasn't aware you can install from an existing app.
Mind sharing what commands you used?
0xsigsev Yes. Though one oddity to note is that the first time we successfully got it enrolled in Intune, the next day they said it didn't reflect having current policies despite nothing being changed. I unenrolled and undid everything (removed work profile, uninstalled Company Portal), then did it over again (now knowing what steps to take), and it has stuck this time.
I attribute it to the first iteration having everything under the sun thrown at it until it worked. It wasn't cleanly done.
I'm making progress! My job requires Company Portal to be installed, work profile created, and the device registered with Intune. Most of the advice above and elsewhere online does not require the work profile or enrollment in Intune, which was my failure point.
I've successfully done the above, but cannot yet install apps in the work profile. More on that below.
Do this all from the owner profile. Do not use Shelter. Do not manually create a work profile. Do not create a separate Graphene user.
- Install Company Portal (Play Store, Aurora, etc)
- Before launching it, enable exploit protection and set it as a device admin app
- Now launch Company Portal and sign in
- It'll prompt to set up the work profile. Accept, it'll work for a minute, then prompt you to press next, after which it will fail/sit there indefinitely.
- At this point, Company Portal disappears from the owner's apps list, but was still listed as installed in the Play Store; it has been moved to the partially-created work profile.
- Go to Settings > Apps > All Apps > 'Work Profile' tab
- Select 'App Store' (Graphene) and the launch icon in the top right to launch it under the work profile
- 'Google Play Services' Install (includes GmsCompatConfig, and Google Play Store dependencies)
- Note that there appears to be a patch in the works for this Google Play requirement in the work profile: https://github.com/GrapheneOS/platform_frameworks_base/pull/147
- Reboot
- Go to Settings > Apps > All Apps > Work Profile tab, tap 'Company Portal', enable exploit mode, then the launch icon in the top right to launch it under the work profile
- Sign into company portal again.
It took a few attempts and a reboot, but I was able to sign in and my company IT confirmed my device was now showing in Intune.
So Company portal is installed, work profile created, and device registered in Intune. However, whenever I try to install apps (via Play Store) within the work profile, it immediately fails with 'Blocked by Work Policy'. I'm currently troubleshooting as I have time - updates to follow.