Cannot activate email client as a device admin app during account setup
Last updated July 26th, 2023
Categories:
Environment
- Knox Platform for Enterprise (KPE)
- Knox Manage (KM)
- Knox Service Plugin (KSP)
- Android Enterprise
Overview
When a user is configuring an account on an email client, they are requested to activate the client as a Device Admin App. If the device is enrolled as an Android Enterprise device with an EMM, they may encounter the message “Security policy prevents enabling device administrators” when the activation is attempted.
Cause
The ability to activate Device Admin Apps is disabled by default. In order to grant this permission, the email client package name must be added to an allowlist in Knox Service Plugin prior to setting up the email account.
Resolution
To configure the Device Admin allowlisting policy in KSP go to:
-
Device-wide policies > Device Admin allowlisting.
-
Set Enable device admin controls to Enable.
-
Enter the email client package name in Allowlisted DAs.
-
Save and publish the KSP policy.
On this page
Is this page helpful?