Android enterprise dedicated devices with the Microsoft Managed Homescreen app are a conenient way to provide devices with restricted functionality and customized look and feel to end users. Because the Managed Homescreen app acts as an overlay to the underlying Android certain prompts and features are not enabled by default unless you allow-list them by deploying the corresponding Android System App and add the app to the kiosk device restrictions.

System Apps

System apps can be added as separate app type within MEM:

System Apps

It is important to deploy the desired system apps as required to your devices and also adding them within the kiosk configuration:

Kiosk config

List of commonly used System apps for Samsung devices

Based on a recent project where we had Samsung devices in place we allow-listed the following system apps within the kiosk configuration:

DescriptionApp Bundle ID
USB File Transfer Prompt Android Version < 12com.samsung.android.MtpApplication
USB File Transfer Prompt Android Version >= 12com.android.mtp
Android System UI (used for a variety of prompts)com.android.systemui
Service Mode App (USB prompts)com.sec.android.app.servicemodeapp
Knox license promptscom.samsung.android.knox.pushmanager
Samsung Android update promptscom.wssyncmldm
Knox smdmscom.sec.enterprise.knox.cloudmdm.smdms
Knox container corecom.samsung.android.knox.containercore
Knox attestationcom.sec.enterprise.knox.attestation
Keyboard changescom.samsung.android.honeyboard

An indicator to decide wheter you need to add an app to the list is always when you can see the prompts outside of the managed homescreen app after leaving the kiosk mode. {: .notice–info}

How to retrieve android app bundle IDs

Besides googling for the package IDs, in this case Samsung had documented some, an Android APK debugger (I used the one from Martyn Styk) can be quite helpful to determine the app bundle identifiers: APK Analyzer

I hope this quick post helps you to fine-tune your android enterprise dedicated devices setup.