Android for work is always an exciting topic for me. I’m a fan boy of android devices 🙂 I started testing Intune + SCCM MDM management with Android device back in 2014, you can refer to that post here. I was eagerly waiting for “Android for Work” support with Intune. Few months back, Microsoft announced the Intune’s supportability towards Android for Work (A4W). Since then I was waiting for an A4W supported device 😉 Yes, that means all the android devices are not supported A4W. Here is the list of A4W supported devices from Google.
More detailed explanation in the above video or you can click here
In this post I will try to cover prerequisites of Android for Work, Intune portal admin configurations, Add Google play apps to Google for Work, Android for Work Device enrollment, Work profile creation and Removal of Android for work profile. First of all you need to create a baseline of Android devices which you want to support in your environment. Following are some of the points which we need to take care as part of Android for Work implementation:-
Preparation Work – Android for Work Admin configurations:
- Devices with Android 5.0 Lollipop and later will only have work profile and Android for work support as per Google. This is nothing to do with Microsoft and Intune.
- Some of the Android for Work settings are available only for Android 6.0 and later.
- It’s important to understand Android for Work does NOT support all android devices in the market- list of supported devices –here.
- Bind your Intune and Google for Work account from Silverlight Intune portal. Because Azure Intune blade is not enlightened with this feature yet.
- Create a Google account or use existing account to sign up for Android for Work with EMM provider. More details here
- Add applications from Google Play to Google for Work store and then sync these apps to Intune. You can click on Sync button in Intune console to initiate a new sync between Intune and Google store for work.
- Sync the apps from Intune console – Admin > Mobile Device Management > Android for Work. After Sync the apps will be visible under – Intune console – Apps – Volume Purchased app
- I recommend to use following option after the pilot testing in your production environment. Enable the option “Manage supported devices as Android for Work – (Enabled) All devices that support Android for Work are enrolled as Android for Work devices. Any Android device that does not support Android for Work is enrolled as a conventional Android device”. Only caveat is that we don’t have option to restrict the devices which are NOT supported by Android for Work from enrolling into Intune.
Notes from the Field – Android for Work security policies :-
- As an initial release Intune out of box “Security and Work profile policies are very limited for A4W”. I suppose you have to use the combination of A4W and Android policies together to support Android devices in your organization.
- OMA URI custom policies are supported with A4W. However only few options are supported by custom policies along with Intune. I know only 2 policies which are supported by this feature and those are WiFi and VPN profiles. More details here.
- To upload LOB apps to Google Store for Work – we need to have access to developer console $25 – https://play.google.com/apps/publish/signup/
- Enrollment of Android for work devices is straight forward as for the normal Android device enrollment for the first part of it. Second part is more towards, logging into Intune company portal from Android for Work context and continue the process of enrollment.
- Work profile on Android devices will get created via Intune company portal enrollment. This will happen only for Android for Work supported devices. If you have a device which is not supported for Android for Work by Google then the enrollment won’t create work profile etc… it will be normal enrollment.
How to enroll devices to Android for Work
How to sync Google play for Work app store with Intune
How to create work profile for Android devices
How to complete configuration task to support Android for Work with Intune