We have a business that is largely iOS and Android, making up 60% of the devices we manage. On Android, we have the issue that when deploying via Intune, it requires the end user to turn on the app to get DNS filtering running, which in a corporate setting is not ideal. We have engineers that won't turn this on; they just take the devices and use them. A workaround at the moment is that when we do a device handover, there is a ticksheet saying they've turned it on. We've controlled removing the VPN etc., so that's fine; it's that initial turn-on that's problematic. The same is the case with iOS, which I've done less testing for. Android also has a unique issue iOS doesn't: we can't set a hostname for the device without doing so via manual registration, and then DNSFilter gives the device an arbitrary hostname with metadata that does not relate at all to the device info on the device nor in Intune.