Hello Everyone! We are back with another interesting new topic: “Connect Intune with Managed Google Play using Microsoft Entra Identity Account.” In this article, we will learn what Managed Google Play is and how to connect to Intune using a Microsoft Entra Identity account instead of an Enterprise Google Account.
Recently, Google has improved Android Enterprise signups and access to Google services better and easier. As part of this, we can now use your corporate email address instead of a personal/enterprise Gmail account. This will reduce the risk of deleted accounts or lost accounts. It will also enable organizations to integrate seamlessly with various Google products.
Microsoft started supporting connecting Managed Google Play using Microsoft Entra Identity Accounts from the August 2024 Service Release. Earlier, IT admins used the Enterprise Google Account to manage the Android devices enrolled with Android Enterprise in Intune.
There are different types of Android device management using Intune, and we have explained this in detail; you can refer to the following blog post to learn more about this topic – Android Enterprise Management with Intune.
Table of Contents
What is Managed Google Play?
Managed Google Play allows organizations to deploy and manage apps on devices enrolled in Android Enterprise. This will also enable users to access specific apps related to organizations. Managed Google Play is the only source of applications for Android Enterprise devices.
Once we integrate Managed Google Play with Intune, you can deploy various public apps that are available in the Google Play store. You can also add Line of Business and Web apps to Managed Google Play and sync them into Intune. Once they synchronize, we can manage the assignments from Intune.
- Enforce Users to Enroll Devices with Intune Conditional Access Policies
- Enrol Android Devices to Android for Work in Intune
Connect Manage Google Play with Microsoft Entra Identity Account
As discussed above, any organization must connect with managed Google Play to enable Android devices to enrol on Android Enterprise. To date, IT admins have created an Enterprise Google Account to connect Intune with Managed Google Play. Let’s see how we can use the Entra Identity account using the steps below.
NOTE: Binding Intune tenants using Entra Identity Accounts with Managed Google Play is only for organizations enabling Android device management using Android Enterprise for the first time or frequently disconnecting and reconnecting (not in the real world).
- Login to Microsoft Intune Admin Center
- Click Devices > Enroll devices > Android Enrollment
- Click on Managed Google Play
Now select the check box under “I grant Microsoft permission to send both user and device information to Google” and click on Launch Google to Connect now (make sure you enable popups for the browser)
Now comes the change and new way of onboarding. IT admins will be shown with the Entra ID/ admin account logged in, and you can always change the Email to a different account. It is advisable to use a Service account or Functional Account. Make sure this account has an active Mailbox.
Click Next; on the next page, click Sign in with Microsoft to continue using Entra Identity Account. If you wish to use a Gmail account, click on it or create an account with a password. When you click on Sign in With Microsoft, this will create a Google Admin account to manage Google subscriptions.
Now, the IT admin needs to provide Consent on behalf of your organization for a couple of permissions, such as Viewing users’ basic profiles and Maintaining access to data you have given it access to. Click on Accept and proceed to the next screen.
Now, we need to provide a few details about ourselves. The first and last names were prepopulated using the Entra ID account. Provide the company name, country, and communication preferences, and click on Next.
Now, we can Add various subscriptions to the admin account. These subscriptions include Google Workspace Essentials Starter, Chrome Browser Client Management, and Chrome Enterprise upgrade for Chrome OS. We can add or skip the subscriptions as per your organizational requirements.
Now, agree to Google’s terms and conditions. Once approved, click on Allow and Create. This will bind Intune to manage Android Devices and create an admin account in the Google Admin console. So, devices enrolled in Android Enterprise will have a managed Google Play store.
After a couple of minutes, you’ll be redirected to the Intune console, and you can see we have successfully bound Intune to Managed Google Play. Now, users can enrol the devices to Intune as BYOD devices using Android For Work or Corporate devices using multiple methods.
NOTE: Existing organizations can continue using existing Gmail accounts, but the current binding must be disconnected if they want to use Entra ID instead of an Enterprise Google Account. When you disconnect, the devices enrolled in Android Enterprise will be retired.
Conclusion
Once the Google admin account is created, we can remove it and add a new Entra ID account as the Google Admin in the Google admin console. This Google admin account can be used to manage Google subscriptions. I hope this will help you bind your Intune tenant with Managed Google Play. Let’s catch up on another exciting topic soon. Have a great day.
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
About Author – Narendra Kumar Malepati (Naren) has 12+ years of experience in IT, working on different MDM tools. Over the last seven years, Naren has been working on various features of Intune, including migration from different MDMs to Intune. Naren mainly focuses on Android, iOS, and MacOS.
just to confirm that all existing enrolled devices will need to be re added if this is carried out to switch from a gmail account to an entra account ?
Yes, if we switch to an Entra account from a Gmail account, all the devices will be retired, and users will have to re-enrol the devices. Microsoft might come up with an alternative solution in future.