Configure permissions for the Managed Home Screen (MHS) on Android Enterprise devices using Microsoft Intune
מאמר
The Managed Home Screen (MHS) is an Intune app that allows you to configure the home screen on the device. It only shows the apps that your users access and the device settings that admins need to manage.
The MHS is used for kiosk devices, including frontline worker (FLW) devices. It replaces the default launcher on your Android Enterprise dedicated and fully managed devices. To learn more about the MHS app, go to Configure the Microsoft MHS app for Android Enterprise.
Typically, when you configure the MHS on a device, end users need to manually accept certain permissions that MHS needs. These permissions allow the MHS to access device features and settings.
Instead of relying on end users to accept the permissions, you can use an OEMConfig device configuration policy to automatically grant permissions to the MHS app.
More OEMs are being added, including Honeywell (no ETA).
This article:
Lists the required permissions that the MHS needs.
Shows how to get the OEM app from the Managed Google Play Store.
Lists the steps to create an OEMConfig policy in Intune that automatically grants permissions for the MHS app.
Required permissions
For the MHS to work, certain permissions are required for certain features. Samsung and Zebra allow the MHS app to grant many of these permissions using the OEMConfig app schema.
The following table lists the permissions that you can configure for the MHS app on Samsung and Zebra devices:
Permission
Samsung
Zebra
Legacy Zebra
Overlay Permission is required by:
- Virtual home button - Screen saver - Automatic sign out
✅
✅
✅
Notification Permission is required by:
- Notification badge
✅
✅
✅
Alarms & Reminders permission is required by:
- Screen saver - Automatic sign out - Automatic relaunch
This article creates OEMConfig configuration profiles in Intune. Before you create OEMConfig profiles, review the OEMConfig profiles in Microsoft Intune - Before you begin section for important information, as there's a 500-KB file size limit and other important information.
Devices must be MDM enrolled in Intune as dedicated devices or fully managed devices. For more information on the available Intune enrollment options for Android Enterprise devices, go to Enrollment guide: Enroll Android devices in Microsoft Intune.
To configure this policy, at a minimum, sign into the Intune admin center with the Policy and Profile manager role. For more information on the built-in roles in Intune, go to Role-based access control with Microsoft Intune.
Step 1 - Get the app from the Managed Google Play Store
OEMs provide their own OEMConfig app that lets you configure features within the app. In this step, you:
Get the OEMConfig app from the Managed Google Play Store.
Assign the app to your devices or device groups that use the MHS.
Samsung and Zebra OEMs use the following Managed Google Play apps:
OEM
App name
Samsung
Knox Service Plugin
Zebra
Zebra OEMConfig Powered by MX
Zebra OEMConfig Powered by MX is a new version of the OEMConfig app released in May 2023.
Step 2 - Create the OEMConfig profile that configures the app
The next step is to create an OEMConfig profile that configures the permissions in the OEMConfig app. In this profile, you configure the app schema settings that autogrant permissions to the MHS app features.
In Assignments, select the devices or device groups that should receive your profile. Assign one profile to each device. The OEMConfig model only supports one policy per device.
Select Next, and review your settings. When you select Create, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.
The next time the device checks for configuration updates, the settings you configured are applied to the app.
Using the schema settings in the Zebra OEMConfig Powered by MX app, this profile grants the following permissions:
Overlay Permission
Notification Permission
Note
On Android 11, the Zebra OEMConfig Powered by MX app schema doesn't work if the board support package (BSP) version is HE_FULL_UPDATE_11-20-18.00-RG-U00-STD-HEL-04. To use the Zebra OEMConfig powered by MX app, you must upgrade to a newer BSP.
In Assignments, select the devices or device groups that should receive your profile. Assign one profile to each device. The OEMConfig model only supports one policy per device.
Select Next, and review your settings. When you select Create, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.
The next time the device checks for configuration updates, the settings you configured are applied to the app.
When you use the schema settings in the Legacy Zebra OEMConfig app, this profile grants the following permissions:
In Assignments, select the devices or device groups that should receive your profile. Assign one profile to each device. The OEMConfig model only supports one policy per device.
Select Next, and review your settings. When you select Create, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.
The next time the device checks for configuration updates, the settings you configured are applied to the app.