Introduction

These are my notes about a session I’ve attended at Microsoft Ignite 2019, you can review the recording for this session here. I’ve split this blog post up into different parts as there is just so much content to be covered.

• Part 1 – Partnerships
• Part 2 – Deployment Scenarios
• Part 3 – Dedicated Device Management
• Part 4 – Coming soon and what’s new

My goal with blogging this is to make sure I didn’t miss anything and to understand all the new capabilities properly and of course, to help you understand it too.

In the following screenshot, you can see an overview of Android Enterprise Dedicated device management and what is supports.

Dedicated devices are supported for quite some time in Intune, this scenario is tailor made for devices that are deployed into specific use cases, and there are many customers using this in logistics, factory floors and locked down user less experiences where you really want to control the usage of that device to one or two apps and to prevent the end user from getting into settings and changing anything.

This is supported on Android 6+ devices with Google services. One of the things that works great is the highly configurable home screen experience via Managed Home Screen app when you lock one of these devices into Kiosk mode and there are a number of customization’s and configurations available in the Intune console.

A common request on these devices is for Certificate Support,for example SCEP certificates for WiFi connections and this is not available today but it’s coming in the November release of Microsoft Intune (rolling out now, the code is complete).

In addition, Intune has added support for System Applications on these devices. You can enable pre-installed applications on these devices in order to configure them for whatever workload they are designed for. You can also enable Kiosk drop-out code if you want to remove a device from being in Kiosk mode, simply enter the defined PIN.

Zebra devices

In terms of Zebra devices Microsoft has built new capabilities into Intune to allow you to manage these devices specifically and in 2019, Microsoft announced support for Device Admin/MX management, this means that if you have an older Android device (legacy) that doesn’t support GMS (Google Managed Services) you can still manage them in Intune.You would use the Zebra StageNow to generate configurations, publish them and push them to your Zebra devices.

For devices that do support GMS you can enroll them as dedicated and use support for Zebra OEMConfig.

OEMConfig

OEMConfig is a really powerful way to allow management of OEM-specific features beyond the Android platform. The Android platform has it’s own settings, which Intune let’s you manage, but what if the device manufacturer has added their own features, well you can use OEMConfig to control those OEM specific features.

OEMConfig allows you to dynamically list a list of settings available from the OEM in the Intune console. It also provides true day 0 support for any new OEM features. It’s available (if supported by the OEM) for the the following scenarios:

• Work profile
• Dedicated
• Fully managed

Below you can see how Chris configured an OEMConfig profile for Zebra TC devices in the Intune console.

And here you can see how to configure the 24 hour clock mode.

And below you can see a Zebra managed device with custom branding and the 24 hour clock configured with OEMConfig.

This device has system applications that come from the manufacturer and public store  apps and it has the capability to do LOB applications as well.

Samsung Knox OEMConfig

Below you can see some of the the settings available in OEMConfig for Samsung KNOX.

You can go ahead and configure things like APN configuration, PAC control (Proxy Auto Config), and similar things that are unique to the Samsung Knox system.