Managing devices with Microsoft Intune: What’s new and what’s next – my notes (Part 3 – Android)


At Microsoft Ignite this week in Florida, there were many new announcements of new capabilities in products such as Microsoft Intune. With so many new announcements it’s hard to keep up, but if you want to find out more, read on or select the part that interests you below.

This content is based on an excellent session entitled “BRK3036 – Managing devices with Microsoft Intune: What’s new and what’s next” and you can review it yourself here.

So what about Android in the Enterprise

With Android Enterprise, pre Android Lollipop (Android 5) the main way to manage an Android device was with device admin (or what’s now called legacy management). The management was limited, the end user experience was also lacking and there were gaps in security.

Starting with Lollipop, Google has really been investing in their Android solution, to make it more manageable and more secure. They created work profiles which allows you to create a protected container and since that release and onwards to Android P (Android 9) they’ve basically been depreciating device admin as a way of managing those devices, indeed the API’s used for managing device admin will be removed next year (2019) when Android Q is released.

Android has similar deployment scenarios to iOS, both BYOD and Corporate Owned. With BYOD devices, you’ve got Intune application protection without enrollment, and you’ve got Android Enterprise Work Profile and this is where you’ve got a container on the end users device that you control and protect, deploy apps to or do actions with that container. Work Profiles would be a good choice if you need to configure WiFi profiles.

For Corporate Owned devices, you have Android Enterprise Dedicated device (kiosk mode) and there’s a preview of Android Enterprise Fully Managed coming later this year.

Note that any Android device that is purchased with Android Q can no longer be managed with device admin.

Well this is all well and good, but can you show us something cool with Android ? In the demo Terrell shows how you can enroll Android devices with tokens or QR codes.

This is done by creating a device enrollment profile in Intune for Kiosk & Task Device Enrollment profiles.

So by using the QR code it makes enrolling the Android device seamless and painless for the end user.

What’s new for Android, available now

The following is what’s new for Android available now in Intune.

  • Android Enterprise Dedicated Devices (kiosk)
  • Google Play Protect for compliance
  • Android zero touch enrollment & Samsung Knox Mobile Enrollment (KME)
  • Restrict Office Apps to corporate identity via app config
  • APP Edge Browser support

Please join me in Part 4 for what’s new in Intune with Apple MAC.

until next time, adios !

This entry was posted in Android, Intune, Microsoft Ignite, MSIgnite2018. Bookmark the permalink.