VMware Workspace ONE Community
larmst
Enthusiast
Enthusiast

Setting Default Apps in Android Enterprise profiles?

I am working on migrating 700 devices from Android legacy Workspace ONE/Hub/Launcher profiles to Android Enterprise profiles and am building the profiles now.

I cannot find a way to set the default apps in Android's system settings - default mail client, default browser, default text message app, etc. from the profile level. How do I do this?

Console: 2005

Work-managed profiles, work owned devices. Super locked down Launcher based devices, they must be "dummy proof"

Devices will be running Android 9 & 10

Everything we run is Samsung:

XCover Pro/A10E/J3V

T290/T380

19 Replies
chengtmskcc
Expert
Expert

We are going through the same migration as well.

As far as I know, Gmail and Chrome will be the default apps for the mail client and browser. Are you trying to set VMware Boxer/Web as the default apps instead?

larmst
Enthusiast
Enthusiast

We are going to use Workspace ONE Web, Microsoft Outlook per company-wide policy, and Google Messages for SMS.

Yes, it does push Chrome as the default, by default. Yet if I disable Chrome through console policies, the phones simply generate an error says Chrome is disabled and the WebApps I've set up for our Intranet pages fail to open from the Launcher screen.

I've looked at all of VMwares setup documentation, contacted our internal team, and spent several days Googling and reading other posts. I am hoping that such a simple feature does not require custom settings through XML or other coded means

Reply
0 Kudos
larmst
Enthusiast
Enthusiast

Bump.

Reply
0 Kudos
chengtmskcc
Expert
Expert

Got it. You have an interesting use case and I would very much love to know if there's a way as well for future reference.

larmst
Enthusiast
Enthusiast

I still haven't found the answer. Internal team is pointing me towards custom settings through XML. I would make a vmware support ticket, but am restricted from doing so.

Also, Enterprise eliminates the Bookmarks payload that was present in Android Legacy profiles. Bookmarks must be rebuilt as  "Web Apps," (Instructions Here) but the Web Apps I have created try to force Chrome use, even if Web is manually set as the default browser. Chrome use is forbidden by Parent OG settings, we've only used Web and Airwatch broswer in the past and I am told we cannot use Chrome for security purposes.

Reply
0 Kudos
larmst
Enthusiast
Enthusiast

Still no resolution, is this not a feature? bump.

Reply
0 Kudos
chengtmskcc
Expert
Expert

Any update from VMware support?

larmst
Enthusiast
Enthusiast

My myVMware account is blocked from making tickets and direct support requests by my employer, and they have not submitted a ticket either. Only systems engineers can make those support requests, and they are pointing me to XML, where I am not finding a solution

Reply
0 Kudos
larmst
Enthusiast
Enthusiast

Other issues I am seeing in Android Enterprise profiles:

-No Power OFF restrictions

-Binary phone call/SMS restrictions. You either block, or allow.

Legacy allowed restriction of power off, and allowed SMS/Phone call permissions for specific numbers, inbound/outbound, etc.

Reply
0 Kudos
larmst
Enthusiast
Enthusiast

I found Power Off restrictions within Launcher settings, instead of in the Restrictions payload (Legacy)

Reply
0 Kudos
MatthewSwenson
Hot Shot
Hot Shot

I guess I posted this on an old version of this thread?

Anyway, we forced setting default apps by using BlackLists in the App Control section to hide/remove the apps we didn't want users to access.  This would work well for your use-case, because you are already using the launcher, so you're already using the Work-Managed Mode.  Not sure if it would fix your Web launchers though...

larmst
Enthusiast
Enthusiast

Different threads, same questions, I saw your other post on the Firefox one.

I talked my group into using Chrome for the WebApp launches, as Enterprise now offers Chrome URL restrictions.

I managed to block everything except for our Intranet Webapps by using the following in the Chrome Browser Settings profile payload:

Block URLs:http://*

https://*

URL exceptions:

http://intra.net.xyz

https://intra.net.xyz

*http://intra.net.xyz

*https://intra.net.xyz

http://intra.net.xyz*

https://intra.net.xyz*

*http://intra.net.xyz*

*https://intra.net.xyz*

But at the end of the day, I still have to set Chrome as the default browser manually or by selecting and using "Always" on the first link use after QR enrollment. I will try your suggest of blacklisting the Samsung Browser tomorrow and see that cuts out a step.

Reply
0 Kudos
MatthewSwenson
Hot Shot
Hot Shot

@larmstDid it work out?

Reply
0 Kudos
ChristerSvensso
Contributor
Contributor

a
Reply
0 Kudos
Noordan
Hot Shot
Hot Shot

Hi, You should be able to use awb:// or awbs:// intead of http:// or https:// in the link when publishing the "web app". That should force the link to open in workspace one web application. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/WS1_Web_Guide.pdf
Reply
0 Kudos
larmst
Enthusiast
Enthusiast

Noordan,

Using awb:// or awbs:// produces and invalid URL message in the Web App creation tool

larmst_0-1605534793043.png

 

Reply
0 Kudos
Noordan
Hot Shot
Hot Shot

Yes. sorry, I did not understand that you were trying to use "Web apps" thru google play. 

awb:// and awbs:// will only work if you publish the web liink thru Apps & Books -> web -> Web Links.

Reply
0 Kudos
pmeuser
Contributor
Contributor

An approach could be to not have WS1 install Chrome into the work profile at all. If the user just has one choice, choosing the only available browser (which one ever you prefer) as default should be no challenge.

This is exactly the behavior you can observe with Intune. I have no clue why VMware's developers have chosen to push Chrome without any option. Obviously, the Android Enterprise framework allows to do this differently.

Reply
0 Kudos
MatthewSwenson
Hot Shot
Hot Shot

Chrome comes pre-installed on Android 95% of the time.  It's not an app WS1 is pushing.  To hide or remove it, you have to blacklist it and use an App Control profile.  (this is only possible for work-managed enrollments)

If you're talking about BYOD enrollments, I am not sure what to say.  At that point, though, the user has a lot of flexibility...

Reply
0 Kudos