By Arnab Biswas | Intune Program Manager
Update on 7/23/19: We have made progress with our Fully Managed support. You can find more updates and discussions on these developments on the following blog posts:
Update on 4/17/19: You may notice a new app in Google Play – it’s called the Microsoft Intune app. This app is in preview for new functionality for fully managed devices. We are rolling out the end-to-end scenario with this app and we expect it to be live by the first part of the 4/22/2019 week. More on this expanding workflow will be posted shortly!
Today we are releasing a preview of Android corporate-owned fully managed (formerly called Corporate Owned, Business Only (COBO) by Google) device management scenarios in Intune. This is Intune’s newest addition to its list of Android Enterprise management capabilities preceded by work profiles and dedicated (kiosk) devices.
NOTE - the preview is rolling out today - 1/17/19 and is expected to finish up by end of day. If you're on Government Cloud please note this may take until 1/18/19 to see the preview feature.
Android fully managed is one of the “device owner” management scenarios in the Android enterprise solution set that enables productivity scenarios for users on corporate devices while allowing IT admins to manage the entire device with an extended set of policy controls. This complements the Android Enterprise dedicated device solution set we released last year, which was focused on task workers and user-less devices. The extended policy capabilities in fully managed scenarios are only intended for corporate devices, which is why there are more controls and settings available here than on personal devices with work profiles. Combining the capabilities of these three solution sets now provides you more control over your Android device landscape.
Android fully managed is one of the “device owner” management scenarios in the Android Enterprise solution set that enables productivity scenarios for users while allowing IT admins to manage the entire device and enforce an extended range of policy controls, beyond that which is possible with work profiles on personal devices. Fully managed devices are company-owned general-purpose Android devices that are associated with a single user. These devices are assigned to individuals for getting their work done.
What is available in preview?
In today’s release, our Android fully managed preview focuses on device enrollment, configuration and app distribution scenarios. Our goal for this preview is to demonstrate the Android fully managed capabilities that we have built and gather feedback and iterate before this feature becomes generally available in Intune.
This preview supports the following Android fully managed scenarios in Intune:
Enable corporate-owned fully managed device enrollment to generate QR code for enrollment.
Android fully managed devices support a variety of enrollment methods such as NFC, token entry, QR code and Zero Touch. These enrollment methods can be initiated on a new or factory-reset device so that the device is enrolled, user affinity is established, and device configuration policies are applied when the device is being set up for the first time. Enrollment options for Android devices are in documentation here: https://docs.microsoft.com/intune/android-enroll.
You can see the enrollment workflow in the short clip posted below.
Device configuration for Android fully managed devices
Device settings that apply to device owner in Intune are supported on Android fully managed devices. This means that IT admins can configure more advanced device-level settings on a fully managed device than on a work profile such as allow app installation only from managed Google Play, block uninstallation of managed apps, prevent users from factory resetting devices, control system update behavior, and more.
Note that dedicated device or kiosk settings are not applicable to Android fully managed devices. This preview supports targeting of device configuration policies to user groups only. Deploying device configuration policies to device groups may not function as expected during this preview.
App distribution and configuration for Android fully managed devices
Like existing Android enterprise scenarios (work profile and dedicated devices) in Intune, apps are distributed to Android fully managed devices using managed Google Play. In addition, you can use app configuration policies to supply settings to managed apps. You can configure email or VPN app settings in this manner as well.
Note that this preview supports deploying apps to user groups only. Deploying apps to device groups may not function as expected during this preview.
What are we still working on?
We are continuing to build Android fully managed support for the following key Intune features that will be announced when Android fully managed becomes generally available:
Customer support for this preview
Note that the preview features are implemented to Microsoft Intune production standards. However, not all Intune features are available to be used with Android fully managed user devices during the preview as outlined above. The preview features are fully supported through our usual Intune support channels and are clearly labeled with “(preview)” in the Intune console.
How to reach us?
As you review the Android fully managed preview scenarios, we would love to hear your feedback on IT admin's enrollment profile configuration and end-user's device enrollment experiences.
Keep us posted on your Android plans through comments on this blog post, through Twitter (#IntuneSuppTeam), and on UserVoice.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.