Learn how to create and deploy security policies for Android devices using Endpoint Manager (Intune). An Android for Work device restriction policy deployment is simply the security policy for Android devices. These security policies are important for securing the corporate data and applications on those devices.
In this post, we will see how to create and deploy a security policy for Android devices via the Intune blade in the Azure portal. Intune compliance policies are another set of policies that we need to set up for Android device security.
I have a post about setting up compliance policies for Android devices: “How to Plan and Design Intune Compliance Policy for Android Devices”. Latest post – How To Configure Intune Enrollment Setup For Android Enterprise Device Management – HTMD Blog #2 (howtomanagedevices.com).
How to Create Security Policy for Android Devices
You can create an Intune device restriction policy for Android for Work from Microsoft Intune – Device Configuration – Profiles – Create New Profile. I selected Android for Work as the platform; the selection of the platform is very important.
You also need to select the profile type while creating the Intune configuration restriction policy; in my scenario, it’s the Device restriction policy. The name of the policy is Android Restriction policy, as you can see in the video.
There are two categories of device restriction settings for Android for Work devices: Work profile settings and Device password. Again, I wouldn’t suggest setting up a device password policy as part of the configuration policy when you have compliance policy settings for the device password.
The “Data sharing between work and personal profiles” setting specifies whether apps in the work profile can share data with apps in the personal profile. The Microsoft Intune recommended value for this setting is to prevent any sharing across the boundaries.
We can block work profile notifications while the device is in a locked state. Default app permission is another Android for Work security setting. I don’t recommend configuring the password settings as part of Intune configuration policies; rather, password settings should be part of compliance policies for Android for Work devices.
Deploy Security Policy for Android Devices
Deploying an Android for Work device restriction policy is straightforward, but it’s important to take care of a few points before deploying a security policy for Android devices. Click on Assignment after setting up the policy and select the AAD user/device group.
Click on the Save button and you are done. The recommended way is to assign policies to an Azure AD dynamic device group for Android devices. However, AAD device groups are still in preview; we may be better off using user groups for deploying device restriction policies to Android devices.
One thing to remember is that you can’t apply Android device platform policies to Android for Work devices; use Android for Work device platform policies for A4W instead. Another useful option while deploying device restriction policies in Intune is the EXCLUDE option.
This is very useful when you want to exclude some devices or users from this particular security policy.
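As an added example (not from the original post), the following audits an exported device restriction profile against the recommendations above: block cross-profile data sharing, block lock-screen notifications, keep password settings out of the configuration profile, and do not target Android for Work devices with an Android platform profile. The JSON field names assume the Microsoft Graph `androidWorkProfileGeneralDeviceConfiguration` resource, which the post does not show; the sample profile and the `target_platform` parameter are constructed for illustration.

```python
import json

WORK_PROFILE_TYPE = "#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration"

# Constructed sample export. Field names are an assumption based on the
# Microsoft Graph work-profile device configuration resource.
SAMPLE_PROFILE = json.loads("""
{
  "@odata.type": "#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration",
  "displayName": "Android Restriction policy",
  "workProfileDataSharingType": "allowPersonalToWork",
  "workProfileBlockNotificationsWhileDeviceLocked": false,
  "passwordMinimumLength": 6,
  "passwordRequiredType": "deviceDefault"
}
""")

def audit_profile(profile, target_platform="androidForWork"):
    """Return a list of findings for one exported device restriction profile.

    target_platform is a hypothetical label for the device population the
    profile is assigned to.
    """
    findings = []
    is_work_profile = profile.get("@odata.type") == WORK_PROFILE_TYPE
    # Android platform policies do not apply to Android for Work devices,
    # so a mismatched profile protects nothing; stop here.
    if target_platform == "androidForWork" and not is_work_profile:
        return ["platform-mismatch"]
    # Recommended value: prevent any sharing across the profile boundary.
    if profile.get("workProfileDataSharingType", "deviceDefault") != "preventAny":
        findings.append("data-sharing-not-prevented")
    # Work notifications should not be readable on a locked device.
    if not profile.get("workProfileBlockNotificationsWhileDeviceLocked", False):
        findings.append("lockscreen-notifications-allowed")
    # Password settings belong in the compliance policy, not in this profile.
    unset = (None, 0, False, "deviceDefault")
    pw_keys = sorted(
        k for k, v in profile.items()
        if k.lower().startswith(("password", "workprofilepassword"))
        and v not in unset
    )
    if pw_keys:
        findings.append("password-in-config:" + ",".join(pw_keys))
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```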
User Experience of Security Policy for Android devices
The user experience of Android for Work devices can vary depending upon the manufacturers of the devices. As I mentioned in the previous post here, Samsung and Nexus are the devices with the best experience that I have tested so far.
But I would admit the user experience of Android for Work is far better than that of Android devices! As Android devices have different variants, it’s better to make sure the experience of the security policy for Android devices is good across all the manufacturers.