Let’s learn how to create and deploy security policies for Android devices using Intune. For Android for Work devices, the security policy is deployed as a device restriction policy. Security policies are important for securing the corporate data and applications on those devices.
In this post, we will explain how to create and deploy security policies for Android devices using the Intune blade in the Azure portal. These security policies help protect your devices and data.
Additionally, we will cover Intune compliance policies, which are crucial for ensuring your Android devices meet your organization’s security standards. Follow along to learn the steps for setting up both types of policies to enhance the security of your Android devices.
I have a post about setting up compliance policies for Android devices, “How to Plan and Design Intune Compliance Policy for Android Devices”. Latest post – How To Configure Intune Enrollment Setup For Android Enterprise Device Management.
Learn How to Create and Deploy Security Policies for Android Devices using Intune
You can create the Intune device restriction policy for Android for Work from Microsoft Intune – Device Configuration profiles – Create New Profile. I selected Android for Work as the platform, and the platform selection is very important.
You also have to select the profile type while creating an Intune configuration restriction policy. In my scenario, it’s the Device restriction policy, which is named the Android Restriction policy, as seen in the video.
| Platform | Profile Type |
|---|---|
| Android for Work | Device Restrictions |
There are two categories for configuring device restriction settings for Android: Work profile settings and Device password. Again, I won’t suggest setting up a device password policy as part of the configuration policy when you have a compliance policy setting for the Device password.
The data sharing between work and personal profiles setting specifies whether apps in the work profile can share data with apps in the personal profile. Microsoft Intune’s recommended value for this setting is to prevent any sharing across boundaries.
We can block the Work profile notifications while the device is locked. Default app permission is another Android for Work security setting. I don’t recommend configuring the password settings as part of Intune configuration policies. Password settings should be part of compliance policies for Android for Work devices.
Deploy Security Policy for Android Devices
Deploying the Android for Work device restriction policy is straightforward. However, it’s essential to consider a few points before deploying the security policy for Android devices. After setting up the policy, click on the assignment and select the AAD User/Device group.
Click on the Save button, and you are done. The recommended way is to assign policies to the Azure AD dynamic device group for Android devices. However, the AAD device groups are still in preview, so we may be better off using user groups to deploy device restriction policies for Android devices.
One thing to remember is that you can’t apply Android device platform policies to Android for Work devices. You should instead use Android for Work device platform policies for A4W. The EXCLUDE option is another helpful option while deploying device restriction policies in Intune.
This is useful when excluding devices or users from these security policies.
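The checks described above can be run against an exported profile before it is assigned. The following is an added example, not code from the original post: it audits a constructed JSON export whose property names follow the Microsoft Graph `androidWorkProfileGeneralDeviceConfiguration` resource. The export shape, the group IDs, and the choice to flag lock-screen notifications are assumptions.

```python
import json

A4W_TYPE = "#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration"
INCLUDE = "#microsoft.graph.groupAssignmentTarget"
EXCLUDE = "#microsoft.graph.exclusionGroupAssignmentTarget"
UNSET = (None, False, "deviceDefault")  # values treated as "not configured"

def audit_profile(profile, assignments):
    """Return a list of findings for one exported profile and its assignments."""
    findings = []
    if profile.get("@odata.type") != A4W_TYPE:
        # Android platform policies do not apply to Android for Work devices.
        return ["platform: not an Android for Work profile"]
    if profile.get("workProfileDataSharingType") != "preventAny":
        findings.append("data-sharing: work/personal sharing is not preventAny")
    if not profile.get("workProfileBlockNotificationsWhileDeviceLocked"):
        findings.append("notifications: work notifications shown on lock screen")
    # Password rules belong in the compliance policy, not the restriction profile.
    pw = sorted(k for k, v in profile.items()
                if "password" in k.lower() and v not in UNSET)
    if pw:
        findings.append("password: move to compliance policy: " + ", ".join(pw))
    targets = [a.get("target", {}) for a in assignments]
    included = {t.get("groupId") for t in targets if t.get("@odata.type") == INCLUDE}
    excluded = {t.get("groupId") for t in targets if t.get("@odata.type") == EXCLUDE}
    if not included:
        findings.append("assignment: no included group, policy reaches nobody")
    if included & excluded:
        findings.append("assignment: same group is both included and excluded")
    return findings

# Constructed sample export (group IDs are placeholders, not a real tenant).
SAMPLE_PROFILE = json.loads("""{
  "@odata.type": "#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration",
  "displayName": "Android Restriction policy",
  "workProfileDataSharingType": "allowPersonalToWork",
  "workProfileBlockNotificationsWhileDeviceLocked": true,
  "workProfileDefaultAppPermissionPolicy": "prompt",
  "passwordMinimumLength": 6,
  "passwordRequiredType": "deviceDefault"
}""")
SAMPLE_ASSIGNMENTS = [
    {"target": {"@odata.type": INCLUDE, "groupId": "00000000-0000-0000-0000-0000000000aa"}},
    {"target": {"@odata.type": EXCLUDE, "groupId": "00000000-0000-0000-0000-0000000000bb"}},
]

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE, SAMPLE_ASSIGNMENTS):
        print(finding)
```
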
User Experience of Security Policy for Android Devices
The user experience of Android for Work devices can vary depending on the manufacturer of the devices. As mentioned in the previous post, Samsung and Nexus are the best-experienced devices I have tested.
But I would admit the user experience of Android for Work is far better than that of an Android device! As Android devices come in many variants, it’s better to make sure the user experience of all the security policies is excellent across all manufacturers.
Resources
Intune SCEP HTTP Errors Troubleshooting Made Easy With Joy
How To Configure Intune Enrollment Setup For Android Enterprise Device Management
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.