Intune How to Enroll Android for Work Supported Devices for Management | Google Play Store for Work? Android for Work enrollment to Enterprise Mobility Management (EMM) solution or Intune is a bit different if you compare it with iOS and Windows device enrollment.
This difference is not because of your EMM solution rather this is the process/framework Google implemented to complete Android for Work enrollment. We need to configure Intune to support Android for Work, and I have a post that explains the prerequisites. More details here.
Video Intune How to Enroll Android for Work Supported Devices?
Android for Work Enrollment process experience has explained in the video here
Details Google Play Store for Work
First of all, we need to make sure that the Android for Work (A4W) is enabled for your Intune tenant and then configure your Intune to support A4W. Do you want to allow the only android for work-supported devices to enroll into Intune? This option is not available as out of the box in Intune.
I’m sure Microsoft will come up with a new option in the new Azure portal as I noted here in the previous blog post about the enrollment restriction rule in Intune. Android for Work is currently supported on devices running Android 5.0 Lollipop and later that support a work profile.
The second step is to ensure that you have configured Android for Work configuration policies in Intune along with Android configuration policies. There are different sets of policies in Intune which only support Android for Work.
Intune Compliance policies are the same for “Classic” Android management and Android for Work management. If you are planning to deploy VPN and Wi-Fi profiles to Android for Work supported devices then, there are some custom configuration policies (OMA-URI) that are supported by Intune.
Android for Work?
As a third step, you need to confirm whether your device has support for “Android for Work” or not. Where is the list of Android for Work supported devices? OK, no worries Google has already published the list here.
If your device has not supported then, Intune will automatically enroll the device for “classic” Android management. So you won’t be able to see any work profile is being created on your phone. Intune How to Enroll Android for Work Supported Devices for Management | Google Play Store for Work?
Once you have identified that the device you are trying to enroll in is supported then, the process is to open “Google Play Store” and Install Intune company portal. Once the company portal is installed, you can log in to the portal with your corporate credentials, it will start the first phase of the setup and that is creating a Work profile for Android.
Once the Work profile has been created then, the company portal application will ask you to go to the Work profile and launch the company portal from the work profile to continue setup. So you need to log in to the company portal twice as part of Android for work enrollment.
The work profile will be controlled by an organization in which you have enrolled, and the Company Portal app will have access to Work profile-related data.
Half of the enrollment process has completed in the above step. Intune company portal application initiated the creation of the work profile. Once the work profile has been created then, you need to log in to another instance of the company portal app which resides in the work profile.
The company portal app in the work profile does the 2nd half of the enrollment process. The company portal helps the device to complete Work Place Join, Azure AD Join, and Intune enrollment as you can see in the above video.
Google Play Store for Work
Once you complete the Company access setup then, you can access company resources and apps depending on the Conditional access, compliance, and configuration policies. The android device must be in compliance with compliance policies and it should also meet the conditions mentioned in the conditional access policies by the Intune Admin.
Once everything ok then, you can browse the applications from “Google Play Store for Work“. Browse and install applications from the Google play store for work. I will cover the Android application deployment scenarios in an upcoming blog here (coming soon).
Outlook is one of the applications you can directly deploy as “available” or “required” from Intune portal. Once the Outlook app has installed then, you can directly configure your official mail without any particular configuration. Email profile deployment via Intune has not required for automatic corporate mail configuration.
You just need to put in the email ID, no other configuration is required, rather everything is automatically configured. You can add applications to the google play store for work with the existing Gmail account as I mentioned in the blog post here. Once these apps are synced with Intune then, you can deploy these apps to groups.
- Manage Android for Work devices with Intune – here
- Android for Work details from Google – here