In this exercise, I’ll show how to enroll Android Enterprise Personally Owned with Work Profile (BYOD) in Intune. There are four types of Android enterprise set up to be configured. Based on your environment, you can choose the setup.
Google stopped supporting of Android device Admin (Legacy) feature for the new Android OS. That means Google no longer supports the traditional way of managing Android devices. Starting from Android OS 10, we need to use the Android Enterprise to start managing the Android devices.
With Microsoft Endpoint Manager (aka Intune) with Android management, we have four deployment types, Personally-owned with a work profile (BYOD), Dedicated (Corporate Owned kiosk devices), Full managed (Corporate Owned), Corporate-owned with a work profile (Corporate owned device with personal use).
About Android Enterprise
- Android Enterprise personally-owned with a work profile: For personal devices granted permission to access corporate data. Admins can manage work accounts, apps, and data. Personal data on the device is kept separate from work data, and admins don’t control personal settings or data. Post device enrollment will create the ‘sandbox’ between corporate data and personal data.
- Android Enterprise dedicated: For corporate-owned, single-use devices, such as digital signage, ticket printing, or inventory management. Admins lock down the usage of a device for a limited set of apps and web links. It also prevents users from adding other apps or taking other actions on the device. This is options can be used for bar code scanners in kiosks, dedicated setup for product-based devices. These devices are enrolled into Intune without a user account and are not associated with any end-user. Devices must run a distribution of Android that has Google Mobile Services (GMS) connectivity. Devices must have GMS available and must be able to connect to GMS.
- Android Enterprise fully managed: For corporate-owned, single-user devices used exclusively for work and not personal use. Admins can manage the entire device and enforce policy controls unavailable to personally-owned/corporate-owned work profiles. The Android device will be issued, and MDM managed by your organization. No ‘sandbox’ between Corporate data and personal data. Prevent users from factory resetting devices, and so on.
- Android Enterprise corporate-owned with a work profile: For corporate-owned, single-user devices intended for corporate and personal use. Configuring factory reset protection and Controlling Bluetooth and data roaming.
About Android Device Administrator
Android device administrator, including Samsung Knox Standard devices and Zebra devices. In areas where Android Enterprise is available, Google encourages movement off device administrator (DA) management by decreasing its management support in new Android releases. However, where Android Enterprise or Google Mobile Services (GMS) are unavailable, you’ll want to use the device administrator and familiarize yourself with these changes.
How to Enroll the Android device
The below steps are explain how to enroll the Android device into Android Enterprise personally-owned with a work profile.
Note: The below screen short will be similar for most the Android devices but will very for fewer models.
Step 1: Open the Play Store
Step 2: Search for Company portal application and Click Install
Step 3: Open the Company Portal by click Open option
Step 4: Click SIGN IN tab
Step 5: Enter the User name and click Next
Step 6: Enter the Password and click Sign in
Step 7: Click BEGIN to Create work profile
Step 8: Click Continue
Step 9: Click Accept & Continue
Step 10: Click Next to continue the setup
Setup is in progress
Step 11: Click Continue to Activate work profile
Registering the device into Endpoint manager portal
Step 12: This is optional requirement, based on your setup select the categories. Click Done
Step 12: The enrollment is completed, Click Done
The Android Enterprise personally-owned with a work profile is successfull.
The Work profile is configured successfully, the work profile icons are in locked sign.