Android deployment scenarios with Microsoft Endpoint Manager

Microsoft has heavily invested in the Android ecosystem and continues to work with Google to provide the best possible platforms for users and enterprises to work hand in hand. Microsoft has ensured their flagship products are available through the Google Play Store as shown below

With Microsoft Intune we have 4 methods of deployment;

Andriod App Protection Policies (APP) Managed

This solution is targeted for BYOD devices that are not enrolled but access corporate data from the approved corporate apps, for example; Outlook, Word and Excel. App Protection Policies are placed on the applications that are accessing corporate data to ensure the security requirements are met.

More information can be found via the following url about App Protection Policies.

Android Enterprise Work Profile

This solution is targeted for BYOD devices that are enrolled to define a clear boundary between personal and corporate data. As all corporate data is stored within its own encrypted container whereby settings can be defined to control cross-profile contacts, sharing app push, certificate deployment, resource access configuration. This is the most common approach for handling BYOD devices within businesses around the globe.

More information about enrollment for Work Profile can be found via the following url

Andriod Enterprise dedicated (kiosk)

This solution is targeted for corporate-owned devices that are designed for a particular task. The easy way to describe this would be;

The Android device(s) are owned by an event management company, they loan out the devices to Exhibitors for lead retrieval. As they only need to access one application the device(s) are locked down to this single app. This solution provides a highly configurable home screen experience with “Managed Home Screen” app and following new capabilities have been launched by Microsoft

  • SCEP certificate-based Wi-Fi (November release)
  • System app support
  • Home screen branding customization
  • Wi-Fi and Bluetooth user controls
  • Kiosk drop-out code

Android Enterprise Fully Managed

This solution is targeted for corporate-owned devices which will be completely managed by the organization but used by one of their members of staff. This scenario provides a fully secure corporate device that the user is unable to tamper with or modify. The Google Play Store is locked down to only applications approved by the organization, this is my personal preference for only corporate devices.

Coming in 2020: Fully Managed with Work Profile

Expected this year, once more information is available. I will be doing into detail about how to leverage a fully managed with work profile 🙂

The Author – Blogabout.Cloud

Leave a Reply

Your email address will not be published. Required fields are marked *