The Secure Element Podcast - Episode #6 Passkeys
Hey Friends, Episode 6 of The Secure Element is live, and this month, we’re diving into Passkeys. I sat down with Harsh Lal, Senior Software Engineer for Android Authentication at Google, and co-chair for the FIDO Alliance Financial Group, to explore what this next evolution of authentication means for both personal and enterprise security. We dive into: The password problem: Why complexity rules and password reuse create “keys to the kingdom” for attackers. Hardware-backed security: How passkeys live in your device’s Secure Element, making them virtually impossible to fish or extract. Enterprise readiness: Integrating passkeys with SSO providers and how to manage them. Hybrid flows: Using your phone to securely unlock apps on your work laptop via encrypted proximity tunnels. Listen to the episode here: Deep Dive To learn more check out Harsh’s blog series which tracks the evolution of FIDO experiences on Android, and explores how passkeys work across devices via Hybrid transport to make passwordless authentication available everywhere. Drop your questions in the comments - we’d love to hear how your organisation is approaching a passwordless future! Stay secure, Burr Missed an episode? Catch up here: Episode 1: EMM Controls Episode 2: Cyber Resilience on Edge Devices Episode 3: Federal Government Device Certification Episode 4: Device Trust from Android Enterprise Episode 5: End of year recap and what’s to come
2FA sign in error at Android Zero Touch portal
I am the IT admin/owner of our Android Zero Touch instance, and I am trying to log into the portal to view and interact with devices associated with our organization. Our zero touch instance is linked with our Intune tenant, and is working correctly. I keep getting the error that my sign in was rejected because it doesn't meet my organization's 2 step verification policy and to contact my IT admin for more information. I am that IT admin, and I can't login. My login information is correct, I have our account ID, and I'm just trying to get in touch with someone to help with the login. I can't even login to support portal to get help, so I had to use my personal Google account to post this.
Intune Management Capabilities for Samsung Devices
Dear Team, Greetings, I would like to better understand the management capabilities available for Samsung Android devices, with Intune . Specifically, I am looking for clarity on whether these devices can be fully managed through Intune instead of relying on the Samsung Knox management tool, including support for application deployment, patch distribution, firmware updates, and other administrative functions. Any slides reference would be good for my internal discussion ?.[Guide] Android Security Explained
Hey friends, For years, the misconception has been that Android isn’t secure enough for sensitive environments. We want to help you flip that script. Think of the Android Security Explained Paper as your "translation layer” - a resource to help you lead high-level conversations with leadership and prove that modern Android is the secure choice for any organization. What caught our eye: The Android vs. Apple shift: This is the big one, and we’ve seen it pop up time and again in the community. Recent independent reports challenge long-held assumptions, with data bolstering Android as a leader in enterprise and government-grade security. The foundation of trust: An easy-to-understand breakdown of how security is built directly into the hardware and core OS to meet stringent global standards. Complete Enterprise control: How the Android Enterprise framework gives you the granular control to enforce strict policy and protect data. If you’re planning your 2026 strategy or need to justify a shift in your mobile strategy, this paper provides the objective, third-party validation to back up your recommendations. [Click to download the 2026 Security Explained Paper] Stay tuned - our full-length technical Security Paper will be arriving soon for a deeper dive into the architecture! Stay secure! BurrCompliance project for Android?
Hi all, For Apple (iOS/MacOS ) we use the macos security compliance project tooling (https://github.com/usnistgov/macos_security#readme) for mapping compliance guidelines. A short summary: The macOS Security Compliance Project (mSCP) is an open‑source framework that provides automated, customizable security guidance and baselines for macOS, producing documentation, audit checklists, configuration profiles, and remediation scripts. It supports major security standards, including NIST SP 800‑53, NIST SP 800‑171, DISA STIG, CNSSI 1253, CIS Benchmarks, CIS Critical Security Controls v8, CMMC 2.0 Levels 1–2, and the Netherlands BIO baseline. I haven't found such a project for Android, as anyone aware of such a project that maps security guidelines to available API's for Android Enterprise? Michel
Android Expert Forum & Feature Request
Hey As I saw that bunch of question have been left unanswered on the expert forum is no one at Google monitoring the feed? I just wanted to post it here as the conversations seem to get more traction here. Is there official thread where feature request could be sent, I have been supporting mobile device management over way over a decade and in that time I have seen all sorts of things and there would be some features that would help greatly in managing enterprise environments with Android. Couple examples: It would be great if there would be a way to deploy some contact numbers to the devices on device address book, such service desk or onsite support number. This is especially needed for dedicated devices which usually do not have any email accounts associated with them and getting common contacts deployed to all devices is quite labor intensive with the current tools. Another one is the OS update management, which is lacking quite a bit, especially as I need to do a comparison to Apple and how their new OS update delivery works, it just makes the Android one lack in features. I would really want to see that on enteprise owned device we would have an override for downloading the OS updates via mobile data, as this is huge pain point when wi-fi networks are not available on some sites, and if the end users are not the most technically savvy, it would allow us admins to at least keep the fleet to some what up to date, obviously there still would probably be some issues, but the current status of the OS update policies is lacking. Also not sure should the update installation recognize on going phones calls when it is set to do the updates in automatic mode? As initially when we tried to apply it we got bunch of notifications that the updates where triggered during a phone call. /rant Thanks,
