Depending on the use cases and the requirements of the company, Android Enterprise Work Profile can be a great enrollment mode for both BYOD devices and company owned devices (in fully managed mode) when using Microsoft Intune. With an Android Enterprise Work Profile, you separate private apps and data from the corporate apps and data to prevent data leakage.
Depending on the manufacture and the ROM that is installed on the Android device some system apps will be installed within the Android Enterprise Work Profile.
In this example on a Samsung Galaxy A6, the Contacts, My Files and the Play Store are installed within the Android Enterprise Work Profile.
Some companies also what to separate the camera and the image gallery from the private and company part of the phone. For example, if a user needs to make photos for work purpose and the company does not what those photos to be stored in the private Image Gallery next to the private photos of the users (including the risk that those photos are synced/backup with unmanaged services). I have seen multiple use cases for this.
With Microsoft Endpoint Manager – Microsoft Intune you can easily add or remove system apps in the Work Profile including the camara and the image gallery. In this blog I will show you step-by-step how to accomplish this.
How to find the Application ID
In order to install a system app in the Android Enterprise Work Profile (or to remove one) you need to have the Application ID of the system app. You can find the Application ID by browsing to the web version of the Google Play store, search for the app and then copy the last part of the URL next to “?id=”. However, when searching for ‘camera’ or ‘gallery’ you will get al lot of apps in the search results with the same name, and then it can be confusing which one you need.
For this reason, I use the app “Package Name Viewer”. With this app installed on a similar device you can exactly see which application you need and what the application ID is.
As you can see, for the Gallery I need “com.sec.android.gallery3d” and for the Camera I need “com.sec.android.app.camera“.
Publish the system app in Microsoft Intune
For the final step open a browser and navigate to the Microsoft Endpoint Manager admin center.
Navigate to Apps > Android and click Add
Select Android Enterprise system app and click Select again.
Fill in the following information (for the Gallery in this case):
Name: Gallery
Publisher: Samsung
Package name: com.sec.android.gallery3d
Click Next
For automatic installation of the system app, assign an Azure AD security group as Required and click Next
Click Create
After a few minutes the system applications will be installed in the Android Enterprise Work Profile.