BlackBerry UEM Client for Android known issues
BlackBerry UEM Client
for Android
known issuesWhen a Samsung device user tries to activate using the Android Enterprise Work and personal - full control activation type, if the screen is locked (for example, the user manually locks the device or the screen times out) or if the device restarts before the activation process completes, when the user unlocks the device, the device is stuck at a blank screen. (EMA-19102)Workaround : Reset the device from the Android Recovery menu, then activate again and make sure the device does not lock or restart during the activation process. |
If you enable Knox DualDAR encryption and select the encryption app in the assigned activation profile, when a Samsung device user tries to activate using the Android Enterprise Work and personal - full control activation type, the activation does not complete as expected. (EMA-19100) |
As of UEM Client version 12.45.0.158273, if a user is assigned an Intercede user credential profile and an enterprise connectivity profile with "Container wide VPN" enabled, by default the UEM Client will route container wide VPN traffic through BlackBerry Secure Connect Plus to UEM . If you remove the Intercede user credential profile from a user with an Android Enterprise activation type, the user's device will continue to route VPN traffic through BlackBerry Secure Connect Plus to UEM instead of using a direct connection to UEM . (EMA-19065)Workaround : Add the UEM Client to the restricted apps list in the enterprise connectivity profile. |
As of UEM Client version 12.45.0.158273, if a user is assigned an Intercede user credential profile and an enterprise connectivity profile with "Container wide VPN" enabled, by default the UEM Client will route container wide VPN traffic through BlackBerry Secure Connect Plus to UEM . On Pixel devices, if you assign the Intercede user credential profile to the user after they activate with an Android Enterprise activation type, the user's device will continue to route VPN traffic directly to UEM instead of routing it through BlackBerry Secure Connect Plus . (EMA-19060) |
If you assign an IT policy to users with the Password complexity level and Password expiration rules configured for Android devices (work and personal), Samsung devices with Android 15 or later and the "Work and personal - user privacy (Android Enterprise with work profile)" activation type will be out of compliance after the user opens the UEM Client , and the user must change their password to satisfy the configured rules. In the same scenario on Samsung devices with Android 14 or earlier, the user can dismiss the prompt and is not forced to change their password. (EMA-19038) |
Samsung devices with an Android Enterprise activation type that are configured to use BlackBerry Secure Connect Plus are not able to use a direct connection to UEM if BlackBerry Secure Connect Plus is not available or if the BlackBerry Connectivity app is not working as expected. This impacts only Samsung devices with one of the following configurations:
(EMA-19034) |
After deactivating a Samsung device that was activated with the MDM controls activation type (with the Samsung Knox option enabled), and you try to reactivate it, a "Unknown error: 4025" error message appears if the administrator had assigned a system certificate that's typically pre-installed on the device (such as DigiCert Global Root CA) prior to activation. (EMA-18302) Workaround : In the device Settings > View security certificates menu, enable the system certificates (such as DigiCert Global Root CA). |
When activating a device in a dark site environment with the Work space only ( Android Enterprise ) activation type, if the device uses the Samsung SVPN application, it does not activate successfully. (EMA-17497) |
On some Samsung devices that were activated on Android 12, the IT policy that is assigned to the device is not correctly applied after upgrading to Android 13. (EMA-17465) Workaround : Reactivate the device. |
You might not be able to use Knox Mobile Enrollment to activate Samsung Galaxy A52 or Samsung Galaxy XCover devices running Android 11. (EMA-17342) |
On Samsung devices running Android 11 activated with the Work space only (Android Enterprise ) activation type, Wi-Fi profiles that are configured with a shared certificate are not saved to the device. (EMA-16909) |
On Samsung devices running Android 12, if the "Send usage and diagnostic data" setting is enabled on the device but your administrator assigned a policy rule to disable it, the "Based on the admin policy set for your phone, the following policy has been withdrawn: Sending of Diagnostic Data." warning message appears. (EMA-16746) |
During activation, the user must set a complex password for the work space even though the IT policy is set to numeric or alphanumeric. (EMA-16254) |
When activating a Samsung Knox device, if the screen times out at the Knox license activation screen, the activation is not successful when you try to continue. (EMA-16046) |
On some European models of Samsung devices running Android 11, the device Welcome screen appears during activation when using the Work and personal - full control (Android Enterprise fully managed device with a work profile) activation type. The device is activated correctly and the user can follow device setup screens. (EMA-16014) |
On some Samsung devices that are activated using the Work and personal - full control (Android Enterprise fully managed device with a work profile) activation type, after upgrading to Android 11, the compliance profile incorrectly restricts apps in the personal space. (EMA-15960) |
On Samsung devices activated with the Work and personal - full control (Android Enterprise fully managed device) non-premium activation type, when an administrator unassigns an app, the app isn’t uninstalled but is instead grayed out and cannot be opened. (EMA-14851)Workaround : On the device, manually uninstall the app. |
If the UEM Client is set as the authentication delegate for BlackBerry
Dynamics , and a compliance profile is assigned to users with the "Rooted OS or failed Knox attestation" compliance rule enabled, when the UEM Client is locked due to inactivity and the user enters their password to log in to a BlackBerry
Dynamics app, the password is not accepted. The user is returned to the login screen but the password field is greyed out. (GD-67251) |