Can anyone help me on how to push down APNs (20+) to DO Android devices? Unfortunately these are not Samsung, so we can not use the Samsung Knox DO settings in the policy, but would have to use some scripts to be pushed by MaaS360 to configure these APN settings. Any feedback would be greatly appreciated.

Hi Beat

Great question! We came across this exact issue a few years back with a customer who has a large fleet and geographically disperse. I can think of 2 possible solutions other than the Samsung KNOX settings in policy: 

1. If the device needs the APN settings to connect to the Internet in the first place, you need a way of setting it up without device enrollment. The alternative here is for the mobile carrier / operator to push the APN settings down. There are solutions here - you can ask your mobile/cell operator to configure APNs to push down once the SIM card activates on a device. They should be able to configure the APNs for you. To do this you need to contact the mobile /cell carrier and discuss.
2. Certain device manufacturers - and this is manufacturer-specific - may provide the ability to configure APNs via OEM Config. This is where you push a specific Play Store app to the device, once enrolled, and the app is accompanied by OEMConfig settings. I described this in some detail on my previous blog here: https://login.ibm.com/oidc/sps/auth?client_id=ZWViMTcxYWYtYWNiMC00

Of course the 2nd solution requires enrollment so you might do this via WiFi and then get the APN settings downloaded. 

I don't believe there are any other solutions but this should help. 

Best

------------------------------
Eamonn O'Mahony
Client Success Manager
IBM Security
Dublin
------------------------------

Thank you Eamonn for that feedback. I have done more research and found that in order to change/add APN information root access is required. Therefore only Samsung Knox DO enrolled devices provide that functionality through their Knox Service Plugin. Alternatively some OEMs (Honeywell, Zebra) provide OEMConfig Apps that would allow for such a payload to be pushed to the phone. 

Using just a 'stock' Android this is a limitation by design for security reason.

The only other possibility as you haven notes is to have the carrier push down APNs along with the eSIM. Which is what we will be exploring with our partner next.

As always is your prompt engagement greatly appreciated.