Blog Post

Intune Customer Success
3 MIN READ

New onboarding flow to managing Android Enterprise devices with Microsoft Intune

Intune_Support_Team's avatar
Intune_Support_Team
Silver Contributor
Jul 31, 2024

By: Priya Ravichandran – Principal Product Manager & Gracey Wilson - Product Manager 2 | Microsoft Intune

 

A prerequisite to managing Android Enterprise devices with Microsoft Intune is that organizations must first complete a one-time onboarding process which requires admins to create and manage a consumer Gmail account. Starting in August 2024, this process will no longer require Gmail accounts. Instead, we’re happy to announce that admins will be able to use their existing Microsoft Entra credentials to complete this one-time onboarding.

 

Streamlined flow for new tenants

For tenants connecting or reconnecting your Microsoft Intune tenant to Managed Google Play, you can now use your Microsoft Entra credentials to complete the onboarding process. Let’s walk through the new flow.


As you work through the Prerequisites tab under Android enrollment, the new flow is invoked when you select “Launch Google to connect now”. At this point, a new tab is launched with the following screen. The Microsoft Entra credentials used to sign into the Microsoft Intune admin center will be pre-filled.

 

 

We recommend continuing with the prefilled identity and selecting the “Sign in with Microsoft” option that will follow.

 

Figure 1: Select "Sign in with Microsoft" to easily use your Entra identity.

 

The process may require email verification so if the identity or credentials used to sign in doesn’t have an email inbox, we recommend that you use a corporate email address with a mailbox to complete the onboarding. Once the onboarding flow is complete, you can add other Microsoft Intune administrators into the Google Admin console and grant them the right level of access to manage Google resources for your organization.


The Google Admin console wizard will guide you through the steps to create and set up your Google Admin account and allow Intune to manage your Android Enterprise devices.

 

Figure 2: To complete the account creation, you will need to select 'Allow and create account'.

 

Figure 3: Once the account is created, you will need to allow Intune to manage the devices for a second time.

 

At this point, the step to connect your Microsoft tenant to Google is complete and you can start enrolling and managing Android Enterprise devices with Microsoft Intune.

 

Migration for current Intune tenants

For Microsoft Intune customers who have already onboarded using a Gmail account, you can now opt to upgrade to your Managed Google Play account as of September 2025.

To begin migration, navigate to the Android apps page in the Microsoft Intune admin center (or any embedded Google page). Starting September 10, 2025, a banner will appear at the top of the page (in the red box in the screenshot below):

 

Selecting "Upgrade for free" will direct you a Google-driven onboarding flow, where you can upgrade your account by following the steps provided.

A seamless experience that will allow you to upgrade without leaving the Intune console is in the works, to be released later this calendar year. Check back on this blog for a future update when the Intune-driven experience becomes available in the Microsoft Intune admin center.

If you choose not to upgrade your account, you will still be supported. There is no plan to deprecate the existing state by Google.

 

What is this new Google Account?

As you may have noticed, the onboarding flow creates a Google account using your corporate email address. Admins can use their Microsoft Entra credentials to log in and manage the connection between Google and Microsoft Intune, as well as other Google features. For more information, refer to How Android Enterprise connects your Google services (Google Blog).

 

What's next

A seamless experience that will allow you to upgrade without leaving the Microsoft Intune admin center is in the works, to be released later this calendar year. Check back on this blog for a future update when the Intune-driven experience becomes available in the Microsoft Intune admin center.

 

As you engage with this new experience, let us know in the comments below or by reaching out on X @IntuneSuppTeam if you have any questions or feedback so that we can work together to make this the best experience.

 

Post Updates:

09/09/25: Updated the sections on "Migration for current Intune tenants" and "What's next".

Updated Sep 09, 2025
Version 5.0
android
android enterprise

14 Comments

  • ioannis-dp's avatar
    ioannis-dp
    Copper Contributor
    Sep 10, 2025

    Great update! Please post any documentation links that we can go through. It is important to not break any of our apps or Android management during the migration.

  • Anthonymelwhrhs's avatar
    Anthonymelwhrhs
    Iron Contributor
    Sep 09, 2025

    This is great that we can now migrate! Can you assure us that when migrating we will not break our apps or devices registered in Intune? Will we need to re-register our devices or redeploy apps.

  • ioannis-dp's avatar
    ioannis-dp
    Copper Contributor
    Jun 04, 2025

    Hi, any update on the migration plan for current tenants please?

  • Anthonymelwhrhs's avatar
    Anthonymelwhrhs
    Iron Contributor
    Apr 01, 2025

    Curious if there is any news on migrating from our existing Gmail account that won’t interrupt how these devices are managed.

  • paddy_braun's avatar
    paddy_braun
    Copper Contributor
    Aug 13, 2024

    Jessica-Yang If I understand correctly, then the following scenario would be possible:

    Within Intune, the Admin A had set up the Managed Google Play with his personalized admin account (which has no mailbox. Hence, it is not monitored).

    There is also Intune Admin B, but his account was never connected with Managed Play. Now Admin A leaves the company and according to good practice, his personalized admin account is deleted following the offboarding process. 30 days pass. Admin B took over the Android Enterprise admin responsibility. As he is Intune Admin, he can still get into the Managed Google Play and connect with his admin account there, without any impact on existing Android Enterprise devices or Apps. Is that correct?

    Additionally, If Admin B would get a mailbox, would he receive notification mails from the Managed Google Play?

     

    Rbb74

    This is not a strategy or process issue at all, but a user-related issue.

    Sure I am aware of having a good account strategy is crucial. But even with the best practices set up, the creation of the Managed Google Play connection stays an individual task: You cannot do anything about it, if the responsible admin is using their personalized admin account instead of a service account and thus not complies with the strategy. The offboarding process usually handles admin accounts differently than service accounts. So from a process-view, a deletion could be totally reasonable.  As Adria_Solana said, customers are calling-in, once it's too late already.

     

    Intune_Support_Team we really need to understand, how the Managed Google Play connection behaves in case of a deletion of the connected account, especially when the account was the "master account" that created the connection. that's why I described the scenario above to verify my understanding. 

     

    Finally, according to this article I can promise you, there will be huge amount of customers that is going to create the connection with their personalized (admin) account instead of some service account, as it is not mentioned at all in the article. The "normal admin" would very likely not be aware of the implications of the account used for the connection.

    If nothing happens on deletion of the account, fine. But until now, if you had deleted a Google Account that was used to create the connection, this wiped all your Android Enterprise Corporate Managed Devices and the Apps. Before implementing this new feature, which is certainly great (don't get me wrong), we need to be aware of the full picture of consequences. As SteffenSchwerdtfeger said, sometimes it could be a much better idea, to use shared mailboxes.

    • Intune_Support_Team's avatar
      Intune_Support_Team
      Silver Contributor
      Nov 08, 2024

      Hi paddy_braun 

       

      Thanks for the feedback! We'd definitely take this onboard, and share with the relevant folks to improve relevant resource to explain the scenario better.

       

      Thanks!

  • SteffenSchwerdtfeger's avatar
    SteffenSchwerdtfeger
    Copper Contributor
    Aug 06, 2024

    Jessica-Yang I'm thinking if a service account wouldn't be the better option here? Or create a shared mailbox and enable sign-in temporarily?
    I guess most customers created a Google account with an email address linked to a shared mailbox as paddy_braun also said. This made it flexible because you had no problems if admins were changing. Also, important mails from Google can be monitored via this mailbox.

  • Adria_Solana's avatar
    Adria_Solana
    Copper Contributor
    Aug 05, 2024

    Jessica-Yang Thank you for your response. Although it is important to have it all documented and procedural, there are customers who do not follow good practices or call you when it is too late and it is important to know how it works in order to help them deploy the environment as best as possible.

     

    Thank you for everything.

  • Jessica-Yang's avatar
    Jessica-Yang
    Icon for Microsoft rankMicrosoft
    Aug 05, 2024

    Adria_Solana paddy_braunRbb74 has some good advice on managing service accounts like this. With this feature, you'll also be able to specify multiple Entra accounts as Managed Google Play admins. For example if you set this up initially with admin1@example.com and then the person associated with admin1 leaves, you can still access the Google console since you control the example.com tenant. You can then add admin2 to the Managed Google Play account as the new administrator, and remove admin1. Just a suggestion. Hope this helps.

  • ioannis-dp's avatar
    ioannis-dp
    Copper Contributor
    Aug 05, 2024

    This is a great advancement but we need a way for older tenants to get migrated. The whole idea of having to use a consumer Gmail account to use Intune is bad for multiple reasons.

  • Rbb74's avatar
    Rbb74
    MCT
    Aug 02, 2024

    The issue with an account that is deleted should never happen if you have implemented a solid strategy for service accounts (or whatever you want to call , this is crucial for any IT-deparment. As always with these kind of connection accounts, never use a personal account or a account that can be deleted by mistake. If it happens , you will can always recover the account within 30 days.

     

    If you do not discover the accidental deletion in less then 30 days, you have a whole other issue to solve……(i.e.your processes, security etc) 😕

     

    This is a great advancement in making the Intune admins setup and management of third party solutions so much easier. The fewer accounts to manage, the better! 😎

     

    Great work , keep it up Intune_Support_Team ! 👌