Updated 11/10: We updated this post to include newly identified impact from the removal of Wi-Fi MAC address.
Android 12 was announced at Google I/O 2021 in May of this year, promising significant overhauls of the Android platform from design to privacy. In this post, we’ll highlight some noteworthy changes that you should be aware of, and we’ll share some of what we’ve found from testing the latest beta builds of Android.
Our Microsoft Endpoint Manager app protection policy (APP) and mobile device management (MDM) teams have been hard at work making sure Microsoft Intune customers are supported on the new OS release. Most APP and MDM scenarios will continue to be fully compatible with Android 12. However, Google is making some significant changes in Android 12 that affect management capabilities available to Intune.
As we approach the official release of Android 12 later in the year (historically the major Android OS releases are often in late Q3/early Q4 of the calendar year), we will continue to update this blog post as we discover new items in our beta testing. We also encourage you to read through Google’s Android 12 change documentation to identify other changes that may be relevant to your organization. Keep us posted on what APP and MDM learnings you find from your beta testing too!
Google is removing the ability for apps to access hardware identifiers on personally-owned work profile devices. The impacted hardware identifiers are serial number, IMEI, and MEID. For more information, see the Google developer documentation.
The removal affects the following workflows in the Endpoint Manager admin center for personally-owned Android Enterprise with work profile devices running Android 12:
Starting in October, Intune will not display a Wi-Fi MAC address for newly enrolled personally-owned work profile devices and devices managed with device administrator running Android 9 and above.
Network access control and third-party VPN solutions that rely or fall back on MAC addresses as device identifiers will not be able to retrieve the device MAC address. This may impact the ability of newly enrolled devices to connect to a corporate network. Devices enrolled prior to the October Company Portal release are not impacted.
Cause of impact: In October, there will be a Company Portal app update that increases the Company Portal API targeting from level 29 to level 30, as required by Google. When apps target API level 30, Android prevents them from collecting the MAC address used by the device.
Google has documented they are deprecating the Safe boot and Debugging features configuration settings for Android Enterprise device restrictions at the end of October. This affects fully managed, dedicated, and corporate-owned work profile devices. To prepare for this change, we will be adding a new setting, Developer settings, in September's Intune service release (2109). If your organization currently uses one of the deprecated settings, consider making use of Developer settings once it becomes available. For more details, see the message center post MC275160, which you can find either in your tenant status blade in the Microsoft Endpoint Manager admin center, or in the Microsoft 365 admin center. For more on service changes, see - Staying up to date on Intune new features, service changes, and service health.
Android 12 includes many changes to how apps look and feel, such as changes to scrolling animations and app launch behavior. The Company Portal and Intune app will adopt these visual changes, giving your users a consistent look and feel on the platform. If you’ve got a helpdesk or support team, they may appreciate advanced notice of the UI app experience changes in Android 12.
Keep us posted on your Android 12 experience through comments on this blog post, through Twitter (@IntuneSuppTeam), and request any new features on UserVoice. We will update this post with any additional information we learn as testing continues, and when Android 12 releases.
9/14/21: Updated with a note that Intune will not display Wi-Fi MAC address for newly enrolled personally-owned work profile devices and devices managed with device administrator running Android 9 and above.
11/10/21: Updated to include newly identified impact from the removal of Wi-Fi MAC address.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.