Android Enterprise and Microsoft Intune

I’ve been working with quite a bit of Android device management recently, of course with Microsoft Intune. Since Microsoft added support for Android Fully Managed in particular, I’ve seen a spike in demand. It seems like companies had Intune licences and Android devices, but not a great story to tie the two. Just my observations though.

A very brief history of managing Android devices is, well, confusing. You’d be forgiven to think there simply was no management available. You’d also be forgiven for using “Android for Work” in a similar conversation, as that was valid, but isn’t really now. Welcome the current (not really new) terminology – Android Enterprise.

We can’t talk about Android management without mentioning a guy called Jason Bayton, he shares a huge amount of useful info all around the Android platform and nicely explains the history and where we are with Android Enterprise. 
https://bayton.org/docs/enterprise-mobility/android/what-is-android-enterprise-and-why-is-it-used/

I’m also going to call out my WMUG friend and colleague Leon Ashton-Leatherland who is somewhat of Android enthusiast and has taught me much about the platform. He has also blogged similarly on his own blog – https://leonashtonleatherland.blogspot.com/

If you’re not familiar and haven’t read Jason’s post (you should) then we have 4 main flavours of Android Enterprise, Microsoft Intune currently supports 3.

Work profile – The end user controls the whole device, you have a ‘container’ area on the device for corp applications, hence the profile. You can also temporarily disable this if you don’t want work notifications through to the device on your weekend away. Also, commonly used for BYOD purposes.

Fully Managed – As the name suggests, these are fully managed by the IT admin. Commonly these devices are company-owned and the company wish to retain a level of lock down on the device as they are handling company data.

Dedicated Device – In a nutshell, kiosk devices. This is for dedicated uses such as the kind you see for self-service order points and shared single purpose devices in other public areas. These can be dedicated to a single application or run multiple applications.

What’s missing? Well, that would be Fully Managed + Work Profile. That is, the device is fully owned and managed, often with a light policy applied to give the user a level of freedom on the device but with a work profile for handling the corporate apps and data. Microsoft Intune does not currently support this combination but may do one day.

It’s also worth noting that I’m referring to Microsoft Intune a lot, if you are reading this a few months down the line from me writing it then the product is likely called Microsoft Endpoint Manager or some variation of that due to the re-branding announced at Microsoft Ignite 2019.

I’ve worked on each configuration and blogged the how-to guides accordingly.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.