In this blog, I'll show how to configure the Android Enterprise platform for use with Intune device management. Let's configure the Intune enrollment setup for Android Enterprise device management. You can manage Android Enterprise corporate-owned devices with Microsoft Endpoint Manager Intune. An Android work profile device is a single-user device intended for both corporate and personal use.
Google ensures that corporate and personal data are segregated. With this segregation, end users can keep their work and personal data separated. Intune admins can control some settings and features for the entire device, including the following:
- Setting requirements for the device password
- Controlling Bluetooth and data roaming
- Configuring factory reset protection
Prerequisite: It is recommended to use a new Google Account, instead of any existing account, to sign up with the Google Enterprise Play Store.
Intune Enrollment Setup for Android Enterprise
Let's dive into the Intune Enrollment Setup for Android Enterprise configuration from an Intune admin's perspective.
- Step 1: Open the Microsoft Endpoint Manager admin center portal https://endpoint.microsoft.com/
- Step 2: Select Devices -> Enroll devices under the Device enrollment section

- Step 3: Select Android enrollment and click Managed Google Play (Link your managed Google Play account to Intune)

- Step 4: In the Managed Google Play tab, select the I agree checkbox to grant Microsoft permission.
- Click Launch Google to connect now to open Google Play's Android Enterprise portal.

- Step 5: Select SIGN IN

- Step 6: Enter the Google Account to use for signup with the Google Enterprise Play Store, click Next

- Step 6: Enter the <Password> of the Gmail account, Click Next

- Step 7: Provide the Organization (Business name) Information, Click Next

- Step 8: Enter the Data Protection Officer and EU Representative details (this information is optional; you can simply click Confirm)
- Select I have read and agree to the Managed Google Play agreement, click Confirm


- Step 9: Click Complete Registration

- Step 10: The setup is completed successfully.

Note: If the setup does not proceed and does not return to the Intune portal, try registering again with a new Google account.
Enable Personal device with work profile
In this section, I'll show how to manage personal enrollments with a work profile.
- Step 1: Open the Microsoft Endpoint Manager admin center portal https://endpoint.microsoft.com/
- Step 2: Select Devices -> Enroll devices under the Device enrollment section

- Step 3: Select Android enrollment and click Personally-owned devices with work profile

- Step 4: Click Learn more about Enrollment restriction. The page will be redirected to Enrollment restriction

- Step 5: Select All Users in the Device type restriction section

- Step 6: Select Properties and click Edit
Note: The Device type restriction policy can be applied independently to any Azure AD group member, based on your requirements

- Step 7: Review the default settings for Android device administrator, click Allow for Android Enterprise (Work profile), and then click Review + Save
Note: Device enrollment will be restricted based on the OS versions and Android manufacturers (use commas to separate multiple manufacturers)

The Android Enterprise device enrollment is now successfully configured.
Resources
- MS Reference: https://docs.microsoft.com/en-us/mem/intune/enrollment/android-enroll-device-administrator
- More about Intune: https://www.youtube.com/playlist?list=PL67vGzo-INWO_0e-iSXsMHoRwB1mrTvU4
- Validate Azure AD Dynamic Group Rules | Intune