The Community

Mobile Pros has been a slack group since inception, way back in the late 2010s. One of the biggest bug-bears for that platform is Slack's hostile approach to non-paying communities, withholding message history and denying access to attachments; it's meant a lot of valuable information over the years has vanished into the ether and put the community on the back-foot compared to other platforms in the ecosystem, which retain a wealth of available wisdom from their collective members. While it's arguable the ecosystem moves quickly and information soon becomes dated, I say yes and no. Specific questions about Intune or a version of iOS more than a couple of years old? Sure, it has an expiry due to the pace of development and change (perhaps Intune wasn't a great example for pace... heh), but a lot of information - the basics of management, approaches to security, best practices, etc. - change far less over time (just look at the docs here to see things from 2019 still relevant today), and means rewriting the same answers over and over with the Slack we have. Well, as of August, Slack will start deleting old history entirely. I've always wanted to find a way to make access to past messages, solutions, and discussions viable on Slack, even to the point of asking around for sponsorship opportunities, but it's simply not feasible, and so after months of thought and discussion between our core members, the Mobile Pros community is moving from Slack to Discord. Why Discord? Predominantly the popularity of the platform, but equally the reasonable parity of function between that and Slack to avoid it being too-jarring an experience to migrate. It goes without saying Discord has some great community features we can leverage as well, and I'm looking forward to putting these into use. On polling the existing community, Discord won out, with Rocket.Chat, Mattermost, Discourse, and others also considered, though with any community it's immeasurably important to ensure ease of access and simplicity of engagement; my concern with rolling a hosted instance of an (arguably easier to manage) FOSS community platform would be yet another account on yet another platform which I know can put people off. The Mobile Pros community has been going strong over the years and has nearly 1,900 members. While I expect to lose a few of you during the migration, I'm hopeful that most of you will join us on Discord. I know moving platforms can be a farce, but Discord is a very popular platform (far more so than when we looked at it back in 2021!) and I'm hopeful the move won't be too off-putting. The Slack Mobile Pros group will be officially shutting down come August, but engagement there is actively discouraged already as content will not be migrated over to Discord automatically (and I spent a week doing it all manually!). If you want to continue engaging with Mobile Pros or if you’ve been thinking about joining, now’s the perfect time to get involved. You can start joining our new Discord community today. Just follow this link to get started. I look forward to seeing you all there! (Oh, and for good measure, I've also pushed a static copy of Mobile Pros' Slack history to archive.mobilepros.org through the exceptionally simple tool from hfran. I was doing the work to migrate, I figured I might as well!)

Mobile Pros has been a slack group since inception, way back in the late 2010s. One of the biggest bug-bears for that platform is Slack's hostile approach to non-paying communities, withholding message history and denying access to attachments; it's meant a lot of valuable information over the years has vanished into the ether and put the community on the back-foot compared to other platforms in the ecosystem, which retain a wealth of available wisdom from their collective members. While it's arguable the ecosystem moves quickly and information soon becomes dated, I say yes and no. Specific questions about Intune or a version of iOS more than a couple of years old? Sure, it has an expiry due to the pace of development and change (perhaps Intune wasn't a great example for pace... heh), but a lot of information - the basics of management, approaches to security, best practices, etc. - change far less over time (just look at the docs here to see things from 2019 still relevant today), and means rewriting the same answers over and over with the Slack we have. Well, as of August, Slack will start deleting old history entirely. I've always wanted to find a way to make access to past messages, solutions, and discussions viable on Slack, even to the point of asking around for sponsorship opportunities, but it's simply not feasible, and so after months of thought and discussion between our core members, the Mobile Pros community is moving from Slack to Discord. Why Discord? Predominantly the popularity of the platform, but equally the reasonable parity of function between that and Slack to avoid it being too-jarring an experience to migrate. It goes without saying Discord has some great community features we can leverage as well, and I'm looking forward to putting these into use. On polling the existing community, Discord won out, with Rocket.Chat, Mattermost, Discourse, and others also considered, though with any community it's immeasurably important to ensure ease of access and simplicity of engagement; my concern with rolling a hosted instance of an (arguably easier to manage) FOSS community platform would be yet another account on yet another platform which I know can put people off. The Mobile Pros community has been going strong over the years and has nearly 1,900 members. While I expect to lose a few of you during the migration, I'm hopeful that most of you will join us on Discord. I know moving platforms can be a farce, but Discord is a very popular platform (far more so than when we looked at it back in 2021!) and I'm hopeful the move won't be too off-putting. The Slack Mobile Pros group will be officially shutting down come August, but engagement there is actively discouraged already as content will not be migrated over to Discord automatically (and I spent a week doing it all manually!). If you want to continue engaging with Mobile Pros or if you’ve been thinking about joining, now’s the perfect time to get involved. You can start joining our new Discord community today. Just follow this link to get started. I look forward to seeing you all there! (Oh, and for good measure, I've also pushed a static copy of Mobile Pros' Slack history to archive.mobilepros.org through the exceptionally simple tool from hfran. I was doing the work to migrate, I figured I might as well!)

In recent days, the tech community has been grappling with the aftermath of a major outage caused by CrowdStrike. This incident resulted in significant disruptions across various enterprise Windows environments, leading to downtime and operational challenges for numerous organisations, public bodies, critical infrastructure, and more. The outage has highlighted the almost impenetrable hold Microsoft has on organisations the world over, and critically flawed Windows can be. It also highlights the importance of secure system installations, change control, and maintenance practices.. but human behaviour is harder to fix. As organisations recover and reassess their IT strategies, it's absolutely worth taking some time to consider reducing the Windows stronghold - particularly for critical services - and explore alternatives to add a little redundancy to your organisation. The below guide offers a quick and simple run-through for installing alternative operating systems on existing endpoints, be they desktop/laptop or server. Obvious heads-up This guide doesn't go into the nuances of enterprise security beyond some basic best practices. Rather, it's to offer a taste of alternatives for non-production devices for intrigued administrators, or those told by their bosses to take a few eggs out of their basket. Proceed with understanding. First up, Ubuntu # Ubuntu is widely used for both desktops and servers, and considered one of a few leading enterprise Linux distributions (others include RedHat, Suse..). Ubuntu is generally known for good compatibility with a range of devices on the market, and so makes for a nice introduction to Linux. This guide will walk you through the best practices for installing Ubuntu securely, whether setting up a workstation for knowledge workers or deploying a server for backend infrastructure. Ubuntu Desktop for knowledge workers and end users # 1. Preparing for Installation Download Ubuntu from Official Sources: Always download the latest Ubuntu ISO image from the official Ubuntu website. Verify the SHA256 checksum to ensure the integrity of the downloaded file. Create a Bootable USB: Use reliable tools like Rufus (for Windows, while you still have it eh?) or Etcher (cross-platform) to create a bootable USB drive. This ensures a clean and secure installation medium. 2. Boot from USB Drive Insert the bootable USB drive into the target device. Restart the device and boot from the USB drive. 3. Try Ubuntu Before Installing When prompted, if you'd like to have a quick test-run to ensure it boots, choose Try Ubuntu to boot into a live session. This allows you to test the system and check compatibility before installation. 4. Begin Installation Double-click the Install Ubuntu icon on the desktop to start the installation process. Installation Options: Language: Select your preferred language. Keyboard Layout: Choose the appropriate keyboard layout. Updates and Other Software: Select Download updates while installing Ubuntu to ensure that your installation is up-to-date with the latest patches. Choose Install third-party software if you need additional codecs or proprietary drivers. Installation Type: Erase Disk and Install Ubuntu: This option will delete all data on the disk and install Ubuntu. Use this if you’re setting up Ubuntu on a fresh system or replacing an existing OS. Something Else: Choose this option for custom partitioning. Recommended for advanced users who want to create separate partitions for /home, /var, /tmp, and /opt. 5. Partitioning For secure installations, it’s recommended to create separate partitions for system directories: /home: For user data. /var: For variable data such as logs. /tmp: For temporary files. /opt: For optional application software. If using LVM, choose the Use LVM with the new Ubuntu installation option for better management of disk space. Encryption: Select the option to Encrypt the new Ubuntu installation for security. This uses LUKS encryption to protect your data. 6. Complete Installation Follow the prompts to select your time zone and create a user account. After installation, remove the USB drive when prompted and reboot the device. 7. Post-Installation Configuration Update System: Immediately update your system to ensure you have the latest security patches. Use the command: sudo apt update && sudo apt upgrade -y Enable Firewall: Activate and configure the Uncomplicated Firewall (UFW) to block unnecessary incoming traffic: sudo ufw enable sudo ufw allow ssh Install Antivirus: Consider installing ClamAV or an equivalent FOSS AV to scan for malware and viruses, particularly if you interact with Windows systems. Ubuntu Server for infrastructure and userless systems # 1. Preparing for Installation Download and Verify ISO: As with the desktop version, download the latest Ubuntu Server ISO from the official source and verify its integrity. Create a Bootable USB: Use a secure method to create a bootable USB drive. 2. Configuring BIOS/UEFI Settings Secure Boot: Enable Secure Boot for added protection during the boot process. Disable Unused Hardware: While you're in BIOS, it's a good opportunity to disable unnecessary hardware to limit exposure. 3. Installation Process Minimal Installation: Choose the minimal installation option to install only essential packages. Disk Encryption: Use LVM with LUKS to encrypt your disk, ensuring data security. Custom Partitioning: Create separate partitions for /var, /tmp, and /opt to contain potential breaches. 4. Post-Installation Hardening Update System: Run system updates immediately: sudo apt update && sudo apt upgrade -y Configure Firewall: Use UFW to configure the firewall appropriately: sudo ufw allow ssh sudo ufw allow http sudo ufw allow https sudo ufw allow [your additional services] sudo ufw enable Install Fail2Ban: Protect against brute force attacks by installing and configuring Fail2Ban: sudo apt install fail2ban sudo systemctl enable fail2ban SSH Hardening: Edit the SSH configuration file (/etc/ssh/sshd_config) to enhance security: Disable root login: PermitRootLogin no Change the default port: Port 2222 (choose any unused port) Allow only specific users: AllowUsers yourusername Ensure login by password is disabled. Key based auth ensures passwords can't be guessed. 5. Regular Maintenance Automate Updates: If you haven't learned your lesson from allowing automatic updates to run amok, configure unattended upgrades to keep your system up to date automatically: sudo apt install unattended-upgrades sudo dpkg-reconfigure unattended-upgrades Monitor Logs: Regularly check system logs for suspicious activity using tools like Logwatch or setting up a SIEM system for central log intake. Next, ChromeOS Flex # Before Google acquired it, CloudReady was the leading provider of a Chromium OS-based solution that aimed to bring a lightweight, secure operating system to older hardware. Now rebranded as ChromeOS Flex, this solution continues to deliver a streamlined computing experience, particularly for repurposing outdated devices. ChromeOS Flex brings the benefits of Google's Chrome OS to a wide range of hardware, offering a modern alternative to traditional operating systems. Prerequisites # Supported Devices List Before beginning, verify that your device is compatible with ChromeOS Flex. Google maintains a list of officially supported devices on their ChromeOS Flex Supported Devices page. While ChromeOS Flex is designed to work with a broad range of hardware, checking compatibility ensures optimal performance and user experience. Unsupported (or unlisted) devices may work perfectly, or may lack functionality. Requirements USB Drive: A USB drive with at least 8GB of capacity. Backup: Ensure all important data on the target device is backed up, as the installation will erase existing data. Installation Steps # 1. Download ChromeOS Flex Visit the ChromeOS Flex website. Download the ChromeOS Flex image and follow the instructions to create a bootable USB drive. 2. Create a Bootable USB Drive Using the Chromebook Recovery Utility: Install the Chromebook Recovery Utility from the Chrome Web Store. Insert the USB drive into your computer. Open the Chromebook Recovery Utility. Click Get Started and select Chromebook or Chromebox. Click Select a model from a list, then choose Google ChromeOS Flex. Follow the prompts to create your recovery media. Using a Different Tool: Download and install a tool such as Etcher or Rufus. Select the ChromeOS Flex image file you downloaded and your USB drive. Follow the tool’s instructions to write the image to the USB drive. 3. Boot from USB Drive Insert the bootable USB drive into the target device. Power on the device and enter the BIOS/UEFI settings (usually by pressing F2, F12, ESC, or DEL during startup). Set the device to boot from the USB drive. Save the changes and reboot the device. 4. Install ChromeOS Flex Upon booting from the USB drive, you’ll be presented with a ChromeOS Flex installation screen. Follow the on-screen instructions to install ChromeOS Flex. You will be prompted to either try ChromeOS Flex or install it. Choose Install. The installation process will erase all data on the device’s internal storage. Confirm that you’ve backed up your data before proceeding. 5. Set Up ChromeOS Flex Once the installation is complete, the device will restart. Remove the USB drive when prompted. Follow the initial setup process, which includes connecting to Wi-Fi, signing in with a Google account, and configuring device settings. Best Practices and Tips # Backup Regularly: Ensure that any important data is backed up regularly, as ChromeOS Flex is designed for cloud-first usage with automatic updates and built-in security. Update Firmware: Check and update your device’s firmware to the latest version before installing ChromeOS Flex to avoid compatibility issues. Enable Developer Mode (if needed): For advanced users, enabling Developer Mode might be necessary to perform certain customisations. However, this is typically not required for most standard installations. Check Compatibility Regularly: As ChromeOS Flex evolves, periodically review the supported devices list to ensure ongoing compatibility with updates. For additional support and troubleshooting, refer to Google’s ChromeOS Flex Help Centre. Conclusion # This is somewhat tongue-in-cheek, and a little dig towards Microsoft for rolling an OS that has the potential to fail so spectacularly to make everything suck for a few days. That said, the above guide nevertheless offers a practical way to explore an alternative, especially if you’re feeling less than thrilled with the current state of Windows. Think of this article not as a comprehensive base on which to build a strategy, but rather as a chance to dip your toes into the world of alternatives. Whether you’re a knowledge worker in need of a new desktop experience or someone managing a server environment, there are secure and robust alternatives that might just be worth your time. Happy experimenting, and here’s to exploring new possibilities!

In recent days, the tech community has been grappling with the aftermath of a major outage caused by CrowdStrike. This incident resulted in significant disruptions across various enterprise Windows environments, leading to downtime and operational challenges for numerous organisations, public bodies, critical infrastructure, and more. The outage has highlighted the almost impenetrable hold Microsoft has on organisations the world over, and critically flawed Windows can be. It also highlights the importance of secure system installations, change control, and maintenance practices.. but human behaviour is harder to fix. As organisations recover and reassess their IT strategies, it's absolutely worth taking some time to consider reducing the Windows stronghold - particularly for critical services - and explore alternatives to add a little redundancy to your organisation. The below guide offers a quick and simple run-through for installing alternative operating systems on existing endpoints, be they desktop/laptop or server. Obvious heads-up This guide doesn't go into the nuances of enterprise security beyond some basic best practices. Rather, it's to offer a taste of alternatives for non-production devices for intrigued administrators, or those told by their bosses to take a few eggs out of their basket. Proceed with understanding. First up, Ubuntu # Ubuntu is widely used for both desktops and servers, and considered one of a few leading enterprise Linux distributions (others include RedHat, Suse..). Ubuntu is generally known for good compatibility with a range of devices on the market, and so makes for a nice introduction to Linux. This guide will walk you through the best practices for installing Ubuntu securely, whether setting up a workstation for knowledge workers or deploying a server for backend infrastructure. Ubuntu Desktop for knowledge workers and end users # 1. Preparing for Installation Download Ubuntu from Official Sources: Always download the latest Ubuntu ISO image from the official Ubuntu website. Verify the SHA256 checksum to ensure the integrity of the downloaded file. Create a Bootable USB: Use reliable tools like Rufus (for Windows, while you still have it eh?) or Etcher (cross-platform) to create a bootable USB drive. This ensures a clean and secure installation medium. 2. Boot from USB Drive Insert the bootable USB drive into the target device. Restart the device and boot from the USB drive. 3. Try Ubuntu Before Installing When prompted, if you'd like to have a quick test-run to ensure it boots, choose Try Ubuntu to boot into a live session. This allows you to test the system and check compatibility before installation. 4. Begin Installation Double-click the Install Ubuntu icon on the desktop to start the installation process. Installation Options: Language: Select your preferred language. Keyboard Layout: Choose the appropriate keyboard layout. Updates and Other Software: Select Download updates while installing Ubuntu to ensure that your installation is up-to-date with the latest patches. Choose Install third-party software if you need additional codecs or proprietary drivers. Installation Type: Erase Disk and Install Ubuntu: This option will delete all data on the disk and install Ubuntu. Use this if you’re setting up Ubuntu on a fresh system or replacing an existing OS. Something Else: Choose this option for custom partitioning. Recommended for advanced users who want to create separate partitions for /home, /var, /tmp, and /opt. 5. Partitioning For secure installations, it’s recommended to create separate partitions for system directories: /home: For user data. /var: For variable data such as logs. /tmp: For temporary files. /opt: For optional application software. If using LVM, choose the Use LVM with the new Ubuntu installation option for better management of disk space. Encryption: Select the option to Encrypt the new Ubuntu installation for security. This uses LUKS encryption to protect your data. 6. Complete Installation Follow the prompts to select your time zone and create a user account. After installation, remove the USB drive when prompted and reboot the device. 7. Post-Installation Configuration Update System: Immediately update your system to ensure you have the latest security patches. Use the command: sudo apt update && sudo apt upgrade -y Enable Firewall: Activate and configure the Uncomplicated Firewall (UFW) to block unnecessary incoming traffic: sudo ufw enable sudo ufw allow ssh Install Antivirus: Consider installing ClamAV or an equivalent FOSS AV to scan for malware and viruses, particularly if you interact with Windows systems. Ubuntu Server for infrastructure and userless systems # 1. Preparing for Installation Download and Verify ISO: As with the desktop version, download the latest Ubuntu Server ISO from the official source and verify its integrity. Create a Bootable USB: Use a secure method to create a bootable USB drive. 2. Configuring BIOS/UEFI Settings Secure Boot: Enable Secure Boot for added protection during the boot process. Disable Unused Hardware: While you're in BIOS, it's a good opportunity to disable unnecessary hardware to limit exposure. 3. Installation Process Minimal Installation: Choose the minimal installation option to install only essential packages. Disk Encryption: Use LVM with LUKS to encrypt your disk, ensuring data security. Custom Partitioning: Create separate partitions for /var, /tmp, and /opt to contain potential breaches. 4. Post-Installation Hardening Update System: Run system updates immediately: sudo apt update && sudo apt upgrade -y Configure Firewall: Use UFW to configure the firewall appropriately: sudo ufw allow ssh sudo ufw allow http sudo ufw allow https sudo ufw allow [your additional services] sudo ufw enable Install Fail2Ban: Protect against brute force attacks by installing and configuring Fail2Ban: sudo apt install fail2ban sudo systemctl enable fail2ban SSH Hardening: Edit the SSH configuration file (/etc/ssh/sshd_config) to enhance security: Disable root login: PermitRootLogin no Change the default port: Port 2222 (choose any unused port) Allow only specific users: AllowUsers yourusername Ensure login by password is disabled. Key based auth ensures passwords can't be guessed. 5. Regular Maintenance Automate Updates: If you haven't learned your lesson from allowing automatic updates to run amok, configure unattended upgrades to keep your system up to date automatically: sudo apt install unattended-upgrades sudo dpkg-reconfigure unattended-upgrades Monitor Logs: Regularly check system logs for suspicious activity using tools like Logwatch or setting up a SIEM system for central log intake. Next, ChromeOS Flex # Before Google acquired it, CloudReady was the leading provider of a Chromium OS-based solution that aimed to bring a lightweight, secure operating system to older hardware. Now rebranded as ChromeOS Flex, this solution continues to deliver a streamlined computing experience, particularly for repurposing outdated devices. ChromeOS Flex brings the benefits of Google's Chrome OS to a wide range of hardware, offering a modern alternative to traditional operating systems. Prerequisites # Supported Devices List Before beginning, verify that your device is compatible with ChromeOS Flex. Google maintains a list of officially supported devices on their ChromeOS Flex Supported Devices page. While ChromeOS Flex is designed to work with a broad range of hardware, checking compatibility ensures optimal performance and user experience. Unsupported (or unlisted) devices may work perfectly, or may lack functionality. Requirements USB Drive: A USB drive with at least 8GB of capacity. Backup: Ensure all important data on the target device is backed up, as the installation will erase existing data. Installation Steps # 1. Download ChromeOS Flex Visit the ChromeOS Flex website. Download the ChromeOS Flex image and follow the instructions to create a bootable USB drive. 2. Create a Bootable USB Drive Using the Chromebook Recovery Utility: Install the Chromebook Recovery Utility from the Chrome Web Store. Insert the USB drive into your computer. Open the Chromebook Recovery Utility. Click Get Started and select Chromebook or Chromebox. Click Select a model from a list, then choose Google ChromeOS Flex. Follow the prompts to create your recovery media. Using a Different Tool: Download and install a tool such as Etcher or Rufus. Select the ChromeOS Flex image file you downloaded and your USB drive. Follow the tool’s instructions to write the image to the USB drive. 3. Boot from USB Drive Insert the bootable USB drive into the target device. Power on the device and enter the BIOS/UEFI settings (usually by pressing F2, F12, ESC, or DEL during startup). Set the device to boot from the USB drive. Save the changes and reboot the device. 4. Install ChromeOS Flex Upon booting from the USB drive, you’ll be presented with a ChromeOS Flex installation screen. Follow the on-screen instructions to install ChromeOS Flex. You will be prompted to either try ChromeOS Flex or install it. Choose Install. The installation process will erase all data on the device’s internal storage. Confirm that you’ve backed up your data before proceeding. 5. Set Up ChromeOS Flex Once the installation is complete, the device will restart. Remove the USB drive when prompted. Follow the initial setup process, which includes connecting to Wi-Fi, signing in with a Google account, and configuring device settings. Best Practices and Tips # Backup Regularly: Ensure that any important data is backed up regularly, as ChromeOS Flex is designed for cloud-first usage with automatic updates and built-in security. Update Firmware: Check and update your device’s firmware to the latest version before installing ChromeOS Flex to avoid compatibility issues. Enable Developer Mode (if needed): For advanced users, enabling Developer Mode might be necessary to perform certain customisations. However, this is typically not required for most standard installations. Check Compatibility Regularly: As ChromeOS Flex evolves, periodically review the supported devices list to ensure ongoing compatibility with updates. For additional support and troubleshooting, refer to Google’s ChromeOS Flex Help Centre. Conclusion # This is somewhat tongue-in-cheek, and a little dig towards Microsoft for rolling an OS that has the potential to fail so spectacularly to make everything suck for a few days. That said, the above guide nevertheless offers a practical way to explore an alternative, especially if you’re feeling less than thrilled with the current state of Windows. Think of this article not as a comprehensive base on which to build a strategy, but rather as a chance to dip your toes into the world of alternatives. Whether you’re a knowledge worker in need of a new desktop experience or someone managing a server environment, there are secure and robust alternatives that might just be worth your time. Happy experimenting, and here’s to exploring new possibilities!

I've been supporting customers on their modern Android management journeys for several years now, and as you can imagine, the more customers you engage with, the more you notice patterns and friction points that resurface time and time again. For me, having access to system settings from within kiosk environments is one such example of those friction points, and one of the first projects for 2024 I opted to undertake after launching my QR code generator last year. Don't get me wrong, plenty of vendors in the ecosystem have Kiosk/launcher applications that will offer a solution from within their own applications, AirWatch/WS1 UEM's launcher & Knox Manage kiosk are some of the several examples of these. Recently though, and particularly with the surge of AMAPI based EMM platforms, it's become increasingly clear many do not. So, I went about designing a relatively straightforward answer - MANAGED SETTINGS. What is it? # MANAGED SETTINGS is a simple app that provides end users the ability to launch settings intents. This isn't a new concept; searching Google Play brings up many such apps. The key differentiator with MANAGED SETTINGS is the ability to toggle these various intents on and off based on the specific requirements of an organisation through managed config (and thus, the name was born). Out of the box I've aimed to support as many intents as is reasonable, omitting only those which are troublesome to support (i.e those commonly adjusted from the behaviour of AOSP across OEMs) or likely not to see any use, but over time more will be added, so too will custom intent support, allowing organisations to leverage OEM-specific intents with their managed estate without relying on me to implement and support them. As an added bonus, organisations that struggle to document and/or support the unique and sometimes confusing layouts of OEM-customised settings applications across both their company owned and personally owned estates, are able now to deploy one consistent settings app to everything. Building your documentation around an agnostic, standardised application makes the whole process quicker and more straightforward for all involved. MANAGED SETTINGS works across fully managed, dedicated, and work profile devices. When can I get it? # I'm releasing MANAGED SETTINGS as a free application on Google Play, available today. In spite of its simplicity, a lot of time and effort has been put into this, so if you'd like to support the continued development of projects like this for the betterment of the Android Ecosystem, I'm offering a licensed upgrade for MANAGED SETTINGS which offers (currently) basic customisation of the in-app experience. In an upcoming release this will extend to theming to allow organisations the option of setting a colour scheme for the MANAGED SETTINGS app that'll enable closer alignment to the organisation's brand - but I want to ensure there's demand for that before I commit to it 🙂 Get it here: If you're interested in learning more, visit the project page for an in-depth overview, support docs, and other resources. Setting expectations for support # Though I've done my best to support the breadth of Settings intents across most major Android OEMs and recent Android versions, it's well known that sometimes intents just don't work, or the OEM Settings application in general causes issues. APN is a good example of an intent that'll work on some devices, but inexplicably fails (or gives permission issues) due to the way OEMs have implemented their telephony stack. I have multiple fallbacks implemented where possible to overcome some instances where an adjusted call is required, but I don't have the resources to test every device on the market. Interestingly, tablet devices with split-screen Settings app implementations are also far more likely to inadvertently expose additional device settings due to how they're designed, and unfortunately I can't do anything to combat that. I'm more than happy to work with organisations finding issues with certain intents, and if I can resolve them I absolutely will. To touch on EMM support as well, the managed config implementation is quite basic and should be supported by all major vendors without issue, certainly confirmed so far through my testing. That said, if your vendor isn't working correctly, I'm happy to get to the bottom of it. Feel free to reach out to debug, and I hope you find MANAGED SETTINGS useful for your managed Android estate!