top of page
Image by Thought Catalog

Post Details

  • ALIF Consulting

How to set up an Android work profile in Intune.

About Alif: Alif empowers Microsoft MSP-CSP partners to provide exceptional IT services to their clients to ensure that the partners reduce their costs and focus on their business. We provide white-labeled managed services for technologies like Microsoft Azure, Microsoft 365, Microsoft Dynamics 365, Microsoft Security, SharePoint, Power Platform, SQL, Azure DevOps, and a lot more. Our headquarter is in Pune, India where we work with over 50 partners across the globe that trust us with their client delivery.


I'll demonstrate how to set up an Android Enterprise Work Profile using Intune in this blog article. We begin by integrating Android Enterprise with Intune, turning on Android Enterprise in Intune, and setting up an Android Enterprise Work Profile. After completing these procedures, we provide select Android apps permission to be deployed to the Work profile from the Managed Google Play store. The last phase is to demonstrate the end-user experience. You may control Android devices running Android Enterprise in a variety of ways using Microsoft Intune. I'll walk you through the process of enabling Android Enterprise and setting up the Work Profile mode with Intune in this blog post.


Description

We go through the choices and procedures for enrolling Android devices in Microsoft 365 in this course.

Learning Intentions

  • A summary of the many enrollment possibilities for Android devices

  • Before adding Android devices to Microsoft 365 through Intune, learn the requirements.

  • Address Android Business

Anyone interested in learning more about enrolling Android devices in Microsoft 365 should take this course.

Prerequisites

You must have a fundamental grasp of Microsoft 365's Mobile Device Management.



Android Work Profile: What is it?

Android Work Profile is an Android Enterprise profile for managing business data and applications on an Android smartphone with personal capabilities. A working container is formed on the device with an Android Enterprise Work Profile, where all business apps ultimately end up. With security options like conditional access, disabling Copy and Paste operations between programs within and outside the work container, and an access passcode, you may secure this work container to safeguard business data. The following prerequisites must be met for the steps to work.

  • A tenant of Azure

  • Licenses for Microsoft EMS (E3 or E5)

  • •A Google account that is not linked to an MDM program

  • A test Android device

  • Fundamentally, Android Enterprise offers two management modes:

  • Profile owner (also known as controlled profile) - Containerized solution that sets up a work profile to support BYOD scenarios.

  • Device owner (or controlled device) - Complete device administration to support COD.

  • Management for employee-owned personal devices should take place via the Profile owner management mode (Work Profile management solution).

  • You have three choices to select from in the Device owner management mode for company-owned devices [COD] to meet your requirements as a business.

  • Corporate Owned Fully Managed, often known as COBO, allows for stringent policy enforcement and comprehensive device monitoring.

  • Corporate Owned Personally Enabled [COPE] - A containerized approach to maintaining distinct user profiles for business and personal use on corporate devices. [Android 11 introduces several behavioral adjustments]

  • Corporate Owned Dedicated Devices (also known as COSUs) - These devices allow for complete device administration and may be further locked down to restrict use to a single use.


Your Managed Google Play account should be connected to Intune.

The first step is to connect a Managed Google Play account that has not yet been utilized to Intune. To set this up, adhere to the procedures below.

  1. launch the endpoint management site.

  2. endpoint.microsoft.com 2.

  3. Select Devices from the All Services menu.

  4. Next, choose Android.

  5. Click "Enroll in Android"

  6. Select Managed Play (Link your managed Google Play account to Intune)

7. Check I agree

8. Click Launch Google to connect now


Click Get started


  1. Enter your business name

  2. Click Next

  3. Fill in the requested information (you can skip this, it`s optional)

  4. Check I have read and agree to the Managed Google Play agreement

  5. Click Confirm


6. Click Complete Registration

How to Enrol Android Device into MDM with Intune Company Portal

Here are instructions for installing Intune on an android device. Please make sure you are on the latest OS.

  • Tap Home > Play Store.

  • Search for and install Intune Company Portal.


  • When prompted about app permissions, tap ACCEPT.

  • Next enroll the device

During enrollment, you might be asked to choose a category that best describes how you use your device. Your company support uses your answer to check the apps that you have access to.

  • Open the Company Portal app and sign in with your work or school account.

  • If you're prompted to accept your organization's terms and conditions, tap ACCEPT ALL.

  • Review what to expect in the upcoming steps. Tap ACCEPT ALL, then CONTINUE. Lastly, tap NEXT


  • Depending on your version of Android, you might be prompted to allow access to certain parts of your device. These prompts are required by Google and not controlled by Microsoft.

Tap Allow for the following permissions:

Activate the device admin app.

  • Company Portal needs device administrator permissions to securely manage your device. Activating the app lets your organization identify possible security issues, such as repeated failed attempts to unlock your device, and respond appropriately.


  • On the Company Access Setup screen, check that your device is enrolled. Then tap CONTINUE


  • Tap DONE once the configuration is complete.


Finally, you may enroll the specific devices. The Microsoft Intune app is immediately installed on the designated devices upon enrollment. It's crucial to remember that the Microsoft Intune software cannot be deleted and is necessary for enrollment

10 views0 comments
bottom of page