Monday 1 February 2021

Further exploration and analysis of OEMConfig

 In a previous post published almost 2 years ago (wow time flies!) I briefly covered what OEMConfig meant in terms of Android device management and figured that now would be a good time to explore this functionality again with you. 

The fact that OEMConfig is supported in Intune isn't indeed hot off the press news, however its still a fairly new initiative which I feel both customers and tech folk alike are pretty much in the dark about. I would suggest that this is probably due to the value offered differing between OEM's and often handsets.

So, what actually is it? OEMConfig is a way of delivering device configuration value for settings that are mostly not available within Intune. These configurations are delivered via an OEMConfig app, which essentially controls the execution of these settings rather the MDM agent. The app differs across OEM's and sometimes, such as for the example I will be discussing in this post, across models of handset. You should also be aware that some elements of these settings may require additional licensing from one of the supported OEM's, all of  which are documented here

The key benefit of OEMConfig is the fact that each time the OEM wishes to release additional functionality, there is little to no development time in order for this to be available on devices. So no delay in waiting for a dedicated profile to be made available in Intune! However, what I would add is that in order to take advantage of this functionality it may actually mean the handset needs to be upgraded, or indeed if the new feature may come under the context of a setting that needs additional licensing. Most of the time I would expect this to be a case of an update needs to be installed on the device.

In this example, I have a Nokia 5.3 handset which in this scenario, requires an OEMConfig app specific to the model;

So the requirement now is to deploy this app to the device. Within the Microsoft Endpoint Manager admin center navigate to Apps > Android then select Add then Managed Google Play app as the app type

Search for the previously mentioned OEMConfig app for Nokia 5.3 devices (noting again that for Nokia devices there are OEMConfig apps per model)

Select it then click Approve twice, then Done before finally Sync to ensure that the app appears as available

Once the app appears in the list, select it then properties. Select edit next to assignments then add the appropriate target group as a required assignment. Save any changes

Now the configuration needs to be defined and then assigned. Navigate to Devices > Android > Configuration Profiles select Create Profile. Choose Android Enterprise as the platform and then OEMConfig for profile.

Give the profile a suitable name and then click Select an OEMConfig app to ensure the correct app is associated with the profile. After selecting Next you will now see the settings that are available, which can be configured using the default configuration designer

In this example, we are going to enforce location services on the device, so next to Location select Configure then Enabled from the drop-down menu on the next screen

Select Next twice and then assign the profile to the appropriate target group. Next then Create completes the assignment of the configuration.

As you can see, initially location services were disabled on my test device

Now you can see they are enabled, in addition, the prompts for the OEMConfig app install and confirmation of the setting being enabled are also visible

I have to admit that initially, I thought there was significant value in the ability to be able to control this setting on these handsets. The problem is that in this specific scenario it does not prevent the end-user from altering the setting, which is also clearly stated on the app within the store

I also attempted to modify the setting and wait for / force a sync to see if it reverted again without any luck. I intend to explore this further and will update this post if I have any further information on why this is the case. 

That aside I believe this still demonstrates the possibilities with using this technology and it should be something you should consider as a contributing factor when selecting company-owned Android devices.

Many thanks for reading this post, if you have any questions please feel free to reach out to me!

No comments:

Post a Comment