Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM

Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM? Android for work is always an exciting topic for me. I’m a fanboy of android devices 🙂 I started testing Intune + SCCM MDM management with Android devices back in 2014, you can refer to that post here. I was eagerly waiting for “Android for Work” support with Intune.

A few months back, Microsoft announced Intune’s supportability for Android for Work (A4W). Since then I was waiting for an A4W supported device 😉 Yes, that means all the android devices are not supported by A4W. Here is the list of A4W supported devices from Google.

Latest Post How to Configure Intune Enrollment Setup for Android Enterprise Device management

Video

A more detailed explanation is in the above video or you can click here

Beginners Guide Intune Android for Work Google Play for Work Setup

In this post, I will try to cover the prerequisites of Android for Work, Intune portal admin configurations, Add Google play apps to Google for Work, Android for Work Device enrollment, Work profile creation, and Removal of Android for the work profile.

First of all, you need to create a baseline of Android devices which you want to support in your environment. Following are some of the points which we need to take care of as part of the Android for Work implementation:-

Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM
Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM

Preparation Work – Android for Work Admin configurations:

  • Devices with Android 5.0 Lollipop and later will only have work profile and Android for work support as per Google. This is nothing to do with Microsoft and Intune.
  • Some of the Android for Work settings are available only for Android 6.0 and later.
  • It’s important to understand Android for Work does NOT support all android devices in the market- a list of supported devices -is here.
  • Bind your Intune and Google for Work account from the Silverlight Intune portal. Because Azure Intune blade is not enlightened with this feature yet.
  • Create a Google account or use an existing account to sign up for Android for Work with the EMM provider. More details here
  • Add applications from Google Play to Google for Work store and then sync these apps to Intune. You can click on the Sync button in Intune console to initiate a new sync between Intune and Google store for work.
  • Sync the apps from Intune console – Admin > Mobile Device Management > Android for Work. After Sync the apps will be visible under – Intune console – Apps – Volume Purchased app
Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM
Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM
  • I recommend using the following option after the pilot testing in your production environment. Enable the option “Manage supported devices as Android for Work – (Enabled) All devices that support Android for Work are enrolled as Android for Work devices. Any Android device that does not support Android for Work is enrolled as a conventional Android device”.
  • The only caveat is that we don’t have the option to restrict the devices which are NOT supported by Android for Work from enrolling into Intune. Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM?

Notes from the Field – Android for Work security policies:-

  • As an initial release Intune out of the box “Security and Work profile policies are very limited for A4W”. I suppose you have to use the combination of A4W and Android policies together to support Android devices in your organization.
  • OMA URI custom policies are supported with A4W. However, only a few options are supported by custom policies along with Intune. I know only 2 policies that are supported by this feature and those are WiFi and VPN profiles. More details here.
  • To upload LOB apps to Google Store for Work – we need to have access to the developer console $25 – https://play.google.com/apps/publish/signup/

Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM?

Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM
Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM

End-User Experience – Android for Work:-

  • Enrollment of Android for work devices is straightforward as the normal Android device enrollment for the first part of it. The second part is more towards, logging into Intune company portal from the Android for Work context and continuing the process of enrollment.
  • Work profile on Android devices will get created via Intune company portal enrollment. This will happen only for Android for Work supported devices. If you have a device that is not supported for Android for Work by Google then the enrollment won’t create a work profile etc… it will be normal enrollment.

How to enroll devices to Android for Work
How to sync Google play for Work app store with Intune
How to create a work profile for Android devices
How to complete configuration task to support Android for Work with Intune

Beginners Guide Intune Android for Work Google Play for Work Setup Endpoint Manager | MEM?

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…