This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 86%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Hello,
I need to disable Face, Iris, Fingerprint unlock for Android devices.
I found that it was possible
https://eskonr.com/2020/11/the-case-of-unexplained-android-enterprise-work-profile-password-in-intune/
Now
but now these options are missing.
I know that Knox able to do this, but Knox plugin installation starts only after user will be able to set password. In my case I need to block these options for users on all kiosk mode devices.
Does anyone know how to disable it?
Or maybe someone knows how to use the OMA-URI for a ban?
Thank you.
What is the enrollment method for your devices?
Hi.
Corporate-owned dedicated devices
Manage device owner enrollments for kiosk and task devices.
Do you have this settings?
Hey,
The guide you posted covers Android Enterprise work profile which is not the same scenario you are describing. Kiosk devices are enrolled as Dedicated devices and then put in to Kiosk mode in the configuration profile.
A dedicated devices is not linked to a specific user and during initial setup of a dedicated devices I cant remember that you ever are asked to set a pin, face unlock in that scenario. If you are please tell us a bit more about your configuration and enrollment method and make sure you are enrolling it as a Dedicated Device and that you don't have another policy forcing biometric or pin on your kiosk devices.
https://learn.microsoft.com/en-us/mem/intune/enrollment/android-kiosk-enroll
As you mentioned you have the capability to enable/disable those features with Knox and OEMConfig but I have never had to disable those on a Dedicated devices.
I would suggest the following:
hope this helps, and if it does don't forget to click accept answer.
Timmy, please share you screen with setting.
I can`t find this setting.
Hello.
All my enrollment profiles are "Corporate-owned dedicated devices"
But I don`t see any options
All profiles are looks like this:
"If you are using the Kiosk mode, make sure its enabled in your configuration" where can I check it?
Tahnk you.
Yes, you can set preferences through Knox. But the problem is that Knox is installed after the setup mater.
The user is first prompted to enter a pincode, or use a biometric lock. And only then, the Knox Plugin is installed and even later the settings :)
If there is a way to not allow the user to interact with interest until all programs are installed - that would solve some of my problems :)
Including, the user can have time to go into the device settings before the Home Screen is installed.
Thank you for your participation!