MSEndpointMgr

Walk Through Series: InTune MDM / Android for Work : Part 2

Setup Android for Work

Microsoft have a pretty good guide here https://docs.microsoft.com/en-us/intune/deploy-use/set-up-android-for-work

A lot of this must be done in ye old Intune console

Enable Android support and click “Configure Android for Work”

Now set up the binding to Android for work.

If your organization has google email you may have G suite accounts, apparently you can’t use managed accounts for the binding. We have a support call in with Google to clarify this as I want to use Google play store for work for my users.

So you need to use an normal account to bind which is a bit nuts.

Specify Android for Work Enrollment Settings

Android for Work is only supported on certain Android devices. See Google’s Android for Work requirements. Any device that supports Android for Work will also support conventional Android management. Intune lets you specify how devices support Android for Work should be managed:

  • Manage all devices as Android – (Disabled) All Android devices, including devices that support Android for Work, will be enrolled as conventional Android devices.
  • Manage supported devices as Android for Work – (Enabled) All devices that support Android for Work are enrolled as Android for Work devices. Any Android device that does not support Android for Work is enrolled as a conventional Android device.
  • Manage supported devices for users only in these user groups as Android for Work – (Testing) Lets you target Android for Work management to a limited set of users. Only members of the selected groups who enroll a device that supports Android for Work are enrolled as Android for Work devices. All others are enrolled as Android devices.

The binding is working

Enroll in Android for Work

The process is almost the same as the last post.

Once the company portal has enrolled

Now you will need to login again to the new Company Portal in the work folder, all managed apps have a little briefcase to show they are Android for work apps.

Ok so the next blog will be pushing apps and polices.

Till next time.

Terence Beggs

An Irish man living in London, after completing a BSc in Computer Science in 2005 he started working in the IT Industry. Currently Senior Systems Officer at London Metropolitan University managing Azure and several thousand endpoints across several campuses in London. Technology focuses include SCCM, MDT, Azure, Office 365, Active Directory, Group Policy, Application Packaging, PowerShell, Virtualization and Automation.

5 comments

  • As an Intune Admin, if I have conventional android devices enrolled into Intune and I would like to have those devices now set for android for work, will all my android devices need to be unerolled and then enrolled once again?

    • If only things were that easy, Sorry JC you will need to re-enroll. I learned that the hard way.

  • Hi Terrence,

    Did you had a reply from Google about the managed accounts? I’m in the middle of a Intune implementation. We like to create Google accounts with the domain name of the customer.

    • I did get a reply from them which was pretty much “Meh”, we ended up just creating a standalone non G suite account as its only used to connect the services together. Such a stilly situation.

  • Hi Terrence,

    Your way of explaining is very nice what I was looking for and helped me to understand the topic very well. Windows intune in terms of android work is very impressive.

Sponsors