New onboarding flow to managing Android Enterprise devices with Microsoft Intune

Jessica-Yang If I understand correctly, then the following scenario would be possible:

Within Intune, the Admin A had set up the Managed Google Play with his personalized admin account (which has no mailbox. Hence, it is not monitored).

There is also Intune Admin B, but his account was never connected with Managed Play. Now Admin A leaves the company and according to good practice, his personalized admin account is deleted following the offboarding process. 30 days pass. Admin B took over the Android Enterprise admin responsibility. As he is Intune Admin, he can still get into the Managed Google Play and connect with his admin account there, without any impact on existing Android Enterprise devices or Apps. Is that correct?

Additionally, If Admin B would get a mailbox, would he receive notification mails from the Managed Google Play?

Rbb74

This is not a strategy or process issue at all, but a user-related issue.

Sure I am aware of having a good account strategy is crucial. But even with the best practices set up, the creation of the Managed Google Play connection stays an individual task: You cannot do anything about it, if the responsible admin is using their personalized admin account instead of a service account and thus not complies with the strategy. The offboarding process usually handles admin accounts differently than service accounts. So from a process-view, a deletion could be totally reasonable.  As Adria_Solana said, customers are calling-in, once it's too late already.

Intune_Support_Team we really need to understand, how the Managed Google Play connection behaves in case of a deletion of the connected account, especially when the account was the "master account" that created the connection. that's why I described the scenario above to verify my understanding. 

Finally, according to this article I can promise you, there will be huge amount of customers that is going to create the connection with their personalized (admin) account instead of some service account, as it is not mentioned at all in the article. The "normal admin" would very likely not be aware of the implications of the account used for the connection.

If nothing happens on deletion of the account, fine. But until now, if you had deleted a Google Account that was used to create the connection, this wiped all your Android Enterprise Corporate Managed Devices and the Apps. Before implementing this new feature, which is certainly great (don't get me wrong), we need to be aware of the full picture of consequences. As SteffenSchwerdtfeger said, sometimes it could be a much better idea, to use shared mailboxes.