I'll demonstrate how to set up an Android Enterprise Work Profile using Intune in this blog article. We begin by integrating Android Enterprise with Intune, turning on Android Enterprise in Intune, and setting up an Android Enterprise Work Profile. After completing these procedures, we provide select Android apps permission to be deployed to the Work profile from the Managed Google Play store. The last phase is to demonstrate the end-user experience. You may control Android devices running Android Enterprise in a variety of ways using Microsoft Intune. I'll walk you through the process of enabling Android Enterprise and setting up the Work Profile mode with Intune in this blog post.
Description
In this course, we go through the choices and procedures for enrolling Android devices in Microsoft 365.
Learning Intentions
A summary of the many enrollment possibilities for Android devices
Before adding Android devices to Microsoft 365 through Intune, learn the requirements.
Address Android Business
Anyone interested in learning more about enrolling Android devices in Microsoft 365 should take this course.
Prerequisites
You must have a fundamental grasp of Microsoft 365's Mobile Device Management.
Android Work Profile: What is it?
Android Work Profile is an Android Enterprise profile that manages business data and applications on an Android smartphone with personal capabilities. A working container is formed on the device with an Android Enterprise Work Profile, where all business apps ultimately end up. With security options like conditional access, disabling Copy and Paste operations between programs within and outside the work container, and an access passcode, you may secure this work container to safeguard business data. The following prerequisites must be met for the steps to work.
A tenant of Azure
Licenses for Microsoft EMS (E3 or E5)
•A Google account that is not linked to an MDM program
A test Android device
Fundamentally, Android Enterprise offers two management modes:
Profile owner (also known as controlled profile) - A containerized solution that sets up a work profile to support BYOD scenarios.
Device owner (or control device) - Complete device administration to support COD.
Management for employee-owned personal devices should take place via the Profile owner management mode (Work Profile management solution).
You have three choices to select from in the Device owner management mode for company-owned devices [COD] to meet your requirements as a business.
Corporate Owned, Fully Managed, often known as COBO, allows for stringent policy enforcement and comprehensive device monitoring.
Corporate Owned Personally Enabled [COPE] - A containerized approach to maintaining distinct user profiles for business and personal use on corporate devices. [Android 11 introduces several behavioural adjustments]
Corporate Owned Dedicated Devices (also known as COSUs) - These devices allow for complete device administration and may be further locked down to restrict use to a single use.
Your Managed Google Play account should be connected to Intune
The first step is to connect a Managed Google Play account that has not yet been utilized to Intune. To set this up, adhere to the procedures below.
Launch the endpoint management site.
Select Devices from the All Services menu.
Next, choose Android.
Click "Enroll in Android"
Select Managed Play (Link your managed Google Play account to Intune)
7. Check I agree
8. Click Launch Google to connect now
Click Get started
Enter your business name.
Click Next
Fill in the requested information (you can skip this, it's optional)
Check I have read and agree to the Managed Google Play agreement
Click Confirm
6. Click Complete Registration
How to Enrol Android Device into MDM with Intune Company Portal
Here are instructions for installing Intune on an Android device. Please make sure you are using the latest OS.
Tap Home > Play Store.
Search for and install the Intune Company Portal.
When prompted about app permissions, tap ACCEPT.
Next, enrol the device.
During enrollment, you might be asked to choose a category that best describes how you use your device. Your company support uses your answer to check the apps that you have access to.
Open the Company Portal app and sign in with your work or school account.
If you're prompted to accept your organization's terms and conditions, tap ACCEPT ALL.
Review what to expect in the upcoming steps. Tap ACCEPT ALL, then CONTINUE. Lastly, tap NEXT.
Depending on your version of Android, you might be prompted to allow access to certain parts of your device. These prompts are required by Google and not controlled by Microsoft.
Tap Allow for the following permissions:
Activate the device admin app.
Company Portal needs device administrator permissions to manage your device securely. Activating the app lets your organization identify possible security issues, such as repeated failed attempts to unlock your device, and respond appropriately.
On the Company Access Setup screen, check that your device is enrolled. Then tap CONTINUE
Tap DONE once the configuration is complete.
Finally, you may enrol in specific devices. The Microsoft Intune app is immediately installed on the designated devices upon enrollment. It's crucial to remember that the Microsoft Intune software cannot be deleted and is necessary for enrollment.