Forum Discussion
Managed Home Screen Woes
Setting up a Company Owned Dedicated (kiosk) Android device can be a bit challenging to get just right. After several hours of reading Reddit, Microsoft, and Personally owned blogs and threads, I figured I would consolidate everything I have found to hopefully have this show up on someone else's Google results.
(Main link for Managed Home Screen Configuration: Configure the Microsoft Managed Home Screen app - Microsoft Intune | Microsoft Learn )
- Calling issues with Managed Home Screen
The Issue: Devices were able to receive phone calls, but the only notification was in the default system's notification tray; this was while the device was locked and unlocked. This posed an issue as we would like to 1) disable the default system tray and 2) We need at least the phone to light up when it was locked to let the users know they're getting a call.
The Solution: After researching it is my assumption that the underlying issue is that while the phone is managed, and enrolled as a Company Owned Dedicated Device, for some reason the UI elements are NOT identified as managed items. So the administrator must deploy the following applications as Android Enterprise System Apps and set them as required installs:
com.samsung.android.incallui --- I named this Call UI, Publisher Android
com.android.server.telecom --- I named this Telecom (1 of 2 Req for Phone App), Publisher Android
com.samsung.android.app.telephonyui --- I named this Telephony UI (2 of 2 Req for Phone App), Publisher Android
(Yes, these are probably not the "Android Designated Application Name" but that's what they're staying as in my tenant.)
That's it. Done. Phone was able to receive calls with the normal quarter of the top screen notification, as well as a full screen notification if the device was locked. However, some previous research also let me to these other items that may help someone else from googling:
The Android Phone App Package ID / Android Phone App Bundle ID / Samsung Phone App is:
com.samsung.android.dialer --- I named this Phone, Publisher Samsung
(unsure for Google, Motorola, etc phones, this works for Samsung) This needs to be set as required as well, and assumedly placed on the managed home screen for the user to make calls (unsure if it is needed to receive calls only... if you have some type of use case for that?).
Most predominant links relating to the issue:
Article 1: Shared Android Phone/Calls from Kiosk Mode? : r/Intune (reddit.com)
Article 2: Shared Android Phone - KIOSK device - Phone Calls - Samsung : r/Intune (reddit.com) - Managed Home Screen Conflicts
App Configuration Policies currently don’t really show you any information as to why or what a conflict is; just that it’s conflicting (thanks, Microsoft).
Some common issues I’ve seen around is that while some configurations are available in both the Device Configuration Profile and the App Configuration Policy; you should not apply these settings in both places (see the tables of configurations on the Microsoft doc for Managed Home Screen at the top of this article).
Personally, I like having the configurations setup as:
Managed Home Screen App Config Policy:
Configuration Key | Value Type | Configuration Value |
Exit lock task mode password | string | 123456 |
MAX time outside MHS | integer | 600 |
MAX inactive time outside MHS | integer | 180 |
Enable MAX time outside MHS | bool | TRUE |
Enable MAX inactive time outside MHS | bool | TRUE |
Enable easy access of debug menu | bool | TRUE |
Define Theme Color | string | light |
Applications in folder are ordered by name | bool | TRUE |
Application order enabled | bool | TRUE |
Device's serial number | choice | {{SerialNumber}} |
Show device name | bool | TRUE |
Show Device Info setting | bool | TRUE |
Show Volume setting | bool | TRUE |
Show Flashlight setting | bool | TRUE |
Show Bluetooth setting | bool | TRUE |
Show Managed Setting | bool | TRUE |
Show Wi-Fi setting | bool | TRUE |
Battery and Signal Strength indicator bar | bool | TRUE |
Set device wall paper | string | |
Lock Home Screen | bool | TRUE |
Enable notifications badge | bool | TRUE |
(Exiting Kiosk mode is then within the Device Managed Settings > i > Exit Kiosk Mode with the ‘Exit lock task mode password’ pin.)
Dedicated Device Configuration Policy:
(In my experience, this is an overview of the settings that should / shouldn’t be set with Managed Home Screen. This is not all the settings, that’s a lot of typing. But this will give you a good start. I am sure not all of these affect the Managed Home Screen as well, but at least the ones under Device Experience do.)
General:
Permission Policy – Default
Date and Time – Block
Factory Reset, Status Bar – Blocked
Skip first hints – Enable
Power Button Menu – Block
System Error Warnings – Allow
Enabled System Navigation Features – Home and overview buttons
System Notifications and Information – Show both
Device Experience:
Enrollment Type – Dedicated Device
Kiosk Mode – Multi-App
Custom Layout – Enable (Note: all of these apps need to be deployed and set as required)
App Notification Badges – Enable
Virtual Home Button thru Wi-Fi Configuration– ALL Not Configured (as these are configured within the App Configuration Policy!)
Bluetooth, Flashlight, Media, Quick access to device info – Enabled
- Managed Home Screen Background
I found that the best place to configure this is only within the App Configuration Policy. The main issue everyone seems to face is that the image URL must end with a ‘.jpg’. This is very easily overcome; find an image on Google, Download it, Go to Imgur, Upload it (watch your ad), Right click it afterwards, then click Copy Image Link. Boom imgur.com/somerandomletters.jpg - Finding the Android App Identifier
Honestly, this is a lot more complicated than it needs to be. Note: Adding the Managed Home Screen app to the Home Screen shows up as Managed Settings and works great.
Here’s a list of the common ones:
There were a LOT of articles and treads I read about these issues and I cannot possibly find them all again to post here. But here are a few to try and give credit:
Configure the Microsoft Managed Home Screen app - Microsoft Intune | Microsoft Learn
Shared Android Phone/Calls from Kiosk Mode? : r/Intune (reddit.com)
Shared Android Phone - KIOSK device - Phone Calls - Samsung : r/Intune (reddit.com)
GitHub - petarov/google-android-app-ids: Google Android apps found on the Play Store (Some of these are incorrect for my use cases (needed Android apps not Google Apps))
Corporate-owned Android Enterprise device restriction settings in Microsoft Intune | Microsoft Learn
Manage Android Enterprise system apps in Microsoft Intune | Microsoft Learn
- HI,
iv been trying to allow calls on google Pixel phones with manage home screen but only way I can see of them to answer call when the phone is not locked is to set
"System notifications and information : Show system information in device's status bar"
this will allow user to answer the call but they will have access to the notifications tray were there is a notification from the android system saying "manage home screen is displaying over other apps" and the user can go in to the setting as turn it off , this means the session will not time out and will not ask for a pin to get back in, this mean if the user put the phone down any one can use it with out a pin or login in ... anyone had this before an know of any solutions - Amazing post, thanks for all the help.
I had an app configuration policy which defined apps for the managed home screen, then went to add a device configuration policy to block factory resets, but this caused a policy conflict which left me scratching my head for a good while.
Your configuration works perfect, and it's easier to define apps in the device config policy anyways.
