Android enrollment types in Intune

Gianelli G

Hello Readers! On this post we will talk about the enrollment options available for Android devices on Intune. You can set up enrollment for Android devices to access company resources and let users enroll personally-owned devices and company-owned devices.

The following slide represents the different methods to secure your workforce in Intune depending on the device’s ownership. Take a moment to look at it closer …

Android Enrollment types

Looks familiar to you? Let me explain each method:

The personal devices are enrolled using the Company Portal application and it is called Enterprise work profile.

Enterprise work profile

For this type of enrollment, admins can manage work accounts, apps, and data. Personal data on the device is kept separate from work data and admins don’t control personal settings or data.

After your profile is set up, your organization will manage the work-side of it, which consists of only the work files and work data. Your company support can’t manage the personal data on your device.

To create a work profile follow this Microsoft guide.

For corporate-owned where organizations buy devices for their users, Intune supports the following enrollment methods:

Android Enterprise dedicated

This is the option for you if your goal is to manage devices that are used for a single purpose such as digital signage, ticket printing, or inventory management. Devices that you manage in this way are enrolled in Intune without a user account and aren’t associated with any end user.

They’re not intended for personal use applications or apps that have a strong requirement for user-specific account data such as Outlook or Gmail.

Android Enterprise fully managed: 

Fully managed devices are corporate-owned devices associated with a single user and used exclusively for work and not personal use. Admins can manage the entire device and enforce policy controls unavailable to work profiles, such as:

  • Allow app installation only from Managed Google Play.
  • Block uninstallation of managed apps.
  • Prevent users from factory resetting devices, and so on.

Android Enterprise corporate-owned with work profile:

Android Enterprise corporate-owned devices with a work profile are single user devices intended for corporate and personal use.

End users can keep their work and personal data separate and are guaranteed that their personal data and applications will remain private. Admins can control some settings and features for the entire device, including:

  • Setting requirements for the device password
  • Controlling Bluetooth and data roaming
  • Configuring factory reset protection

Those are the methods currently available to manage your Android devices in Intune. We will be testing each method and posting the results in this blog, so stay tuned… Don’t forget to post your comments or questions! ♥

Tip

There is another method available on Intune to managed devices called Android device administrator or sometimes referred to “legacy” although improved management functionality is now available with Android Enterprise (released with Android 5.0).

References

Enroll device with Android work profile
Set up Intune enrollment of Android Enterprise dedicated devices
Set up Intune enrollment of Android Enterprise fully managed devices

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s