Fastrack Blog

How to configure policies for Android devices in Microsoft Intune.

Written by Varun Kapoor | March 06, 2020

 

Don't waste your time manually setting up peoples devices. Microsoft Intune is your platform for centrally managing which applications and policies your company wants to deploy across your employees' mobile devices.
 
I'll show you an easy way to create a simple library of pre-configured applications.


Not all heros wear capes.

Steps for configuring Android devices using Microsoft Intune.

There's a few steps for configuring mobile devices using Microsoft Intune. I recommend reading these steps then watching the video below, where I go into more detail.

  1. Picking your devices: Unlike Apple iOS, the Android ecosystem is vast. There are so many devices and OS skins available to your users. If you're going to manage Android devices, I would recommended looking at Google's device recommendations for enterprises. Trust me, a bit of restriction for users will make life easier for everyone later on.

  2. Google Play account: Google recommends that you create an enterprise account rather than using your own as a safeguard. Learn how to create an Enterprise account here.

  3. Enrolment restrictions: By default, Intune blocks Android Enterprise work profiles. Why? I don't know. It's weird. 🤔
    Select 'allow'. Let's say you use two different types of Android devices in your workplace. One being a Samsung for general use such email, text, calendar, etc. Another might be a Zebra enterprise computer which also runs android. You wouldn't want to deploy the apps you assigned to the Samsung to the Zebra. In Intune you can assign different profiles to different device manufactures. More information. Pretty neat, aye.

  4. App configuration: If you're managing both BYOD and organisation-owned devices (hybrid system), I recommend you configure apps through 'Managed Apps'. You can configure multiple apps at once through this process, and you're not limited to just one at a time. These policies can also be used for iOS/iPadOS.

  5. Configuration policies: This is where the magic happens! When configuring apps, you can add layers of security to help protect company data. I recommend testing features like: requiring biometrics to access apps, blocking local data saving and allowing notifications via wearable devices. I go into more detail about application security in another blog post.

Android application configuration policies in action.

Watch me configure an application policy in the video below.

 

Learn more about using Microsoft Intune to manage Android devices.

 
There's so many more settings and configurations in Android you can manage with Microsoft Intune.
 
Check out the following related webinars and blog posts:
  1. Zero Touch enrolment

  2. How to protect organisational data from unmanaged Android applications.

  3. How to package Android applications in Microsoft Intune.

  4. Android Device Management webinar.