Earlier today,Google announcedthe deprecation and eventual disablement of Device Admin Android management. Device Admin, sometimes referred to as “legacy” Android management, is the technical term for the management mode that existed since Android 2.2 that is in use by the majority of our customers. For the customers who manage Android in the enterprise, this is an important announcement. This means that starting in Android Q (Android major version releases come roughly every year), the only way to manage an Android device will be to use one of the two new Android enterprise management modes. But more importantly, Google is signaling to the ecosystem that Device Admin is “legacy” and insufficient for many enterprise scenarios. Google’s recommendation is to start considering how to adopt one of these new management modes now.
Since Android 5.0, Device Admin has been seen as a legacy way of managing devices. Device Admin is common, is widely supported, and is often considered to be the “default” way of managing Android devices. However, it does have its issues which Google explains in their blog post. It lacks personal/work separation and requires that users grant full rights on their devices. It also lacks some of the pervasive controls that are useful for kiosk scenarios and for fully managed devices. For these reasons, Device Admin doesn’t work great for BYOD and company-owned device scenarios.
We're in the process of setting up Intune to begin migration around early-March, and are moving away from Device Admin to Android for Work.
However we've not been able to leverage our existing G Suite setup with all of our AfW user accounts due to Intune not supporting the token/JSON service account exchange. This also means that we can't enforce enrolment during the setup process of the device and have to rely on the user downloading Intune CP app with their own Google Play account and enrolling successfully.
Is this something that is being worked on to help streamline migrations for admins?