%3CLINGO-SUB%20id%3D%22lingo-sub-1441935%22%20slang%3D%22en-US%22%3EDecreasing%20support%20for%20Android%20device%20administrator%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1441935%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EAndroid%20device%20administrator%20management%20was%20released%20in%20Android%202.2%20as%20a%20way%20to%20manage%20Android%20devices.%20Then%20beginning%20with%20Android%205%2C%20the%20more%20modern%20management%20framework%20of%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fconnect-intune-android-enterprise%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAndroid%20Enterprise%3C%2FA%3E%20was%20released%20(for%20devices%20that%20can%20reliably%20connect%20to%20Google%20Mobile%20Services).%20Google%20is%20encouraging%20movement%20off%20of%20device%20administrator%20management%20by%20decreasing%20its%20management%20support%20in%20new%20Android%20releases.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1171221587%22%20id%3D%22toc-hId-1171221587%22%20id%3D%22toc-hId-1171221587%22%20id%3D%22toc-hId-1171221587%22%20id%3D%22toc-hId-1171221587%22%20id%3D%22toc-hId-1171221587%22%20id%3D%22toc-hId-1171221587%22%20id%3D%22toc-hId-1171221587%22%20id%3D%22toc-hId-1171221587%22%20id%3D%22toc-hId-1171221587%22%3E%3CSTRONG%3EHow%20does%20this%20affect%20me%3F%3CBR%20%2F%3E%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3E%3CSPAN%3EBecause%20of%20these%20changes%20by%20Google%2C%20in%20the%20fourth%20quarter%20of%202020%2C%20you%20will%20no%20longer%20have%20as%20extensive%20management%20capabilities%20on%20impacted%20device%20administrator%20managed%20devices.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ENote%3A%20This%20date%20was%20previously%20communicated%20as%20third%20quarter%20of%202020%2C%20but%20it%20has%20been%20moved%20out%20based%20on%20the%20%3CA%20href%3D%22https%3A%2F%2Fwww.blog.google%2Fproducts%2Fandroid-enterprise%2Fda-migration%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Elatest%20information%20from%20Google%3C%2FA%3E.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EDevice%20types%20that%20will%20be%20impacted%3CBR%20%2F%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EDevices%20that%20will%20be%20impacted%20by%20the%20decreasing%20device%20administrator%20support%20are%20those%20for%20which%20all%20three%20conditions%20below%20apply%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EEnrolled%20in%20device%20administrator%20management%3C%2FLI%3E%0A%3CLI%3ERunning%20Android%2010%20or%20later%3C%2FLI%3E%0A%3CLI%3ENot%20a%20Samsung%20device%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EDevices%20will%20not%20be%20impacted%20if%20they%20are%20any%20of%20the%20below%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ENot%20enrolled%20with%20device%20administrator%20management%3C%2FLI%3E%0A%3CLI%3ERunning%20an%20Android%20version%20below%20Android%2010%3C%2FLI%3E%0A%3CLI%3ESamsung%20devices%20(Samsung%20Knox%20devices%20won't%20be%20impacted%20in%20this%20timeframe%20because%20extended%20support%20is%20provided%20through%20Intune%E2%80%99s%20integration%20with%20the%20Knox%20platform.%20This%20gives%20you%20additional%20time%20to%20plan%20the%20transition%20off%20device%20administrator%20management%20for%20Samsung%20devices.)%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--636232876%22%20id%3D%22toc-hId--636232876%22%20id%3D%22toc-hId--636232876%22%20id%3D%22toc-hId--636232876%22%20id%3D%22toc-hId--636232876%22%20id%3D%22toc-hId--636232876%22%20id%3D%22toc-hId--636232876%22%20id%3D%22toc-hId--636232876%22%20id%3D%22toc-hId--636232876%22%20id%3D%22toc-hId--636232876%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-1851279957%22%20id%3D%22toc-hId-1851279957%22%20id%3D%22toc-hId-1851279957%22%20id%3D%22toc-hId-1851279957%22%20id%3D%22toc-hId-1851279957%22%20id%3D%22toc-hId-1851279957%22%20id%3D%22toc-hId-1851279957%22%20id%3D%22toc-hId-1851279957%22%20id%3D%22toc-hId-1851279957%22%20id%3D%22toc-hId-1851279957%22%3E%3CSTRONG%3ESettings%20that%20will%20be%20impacted%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdevelopers.google.com%2Fandroid%2Fwork%2Fdevice-admin-deprecation%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EGoogle's%20decreased%20device%20administrator%20support%3C%2FA%3E%20prevents%20configuration%20of%20these%20settings%20from%20applying%20on%20impacted%20devices.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EConfiguration%20profile%20device%20restrictions%20settings%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EBlock%20%3CSTRONG%3ECamera%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3ESet%20%3CSTRONG%3EMinimum%20password%20length%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3ESet%20%3CSTRONG%3ENumber%20of%20sign-in%20failures%20before%20wiping%20device%3C%2FSTRONG%3E%20(will%20not%20apply%20on%20devices%20without%20a%20password%20set%2C%20but%20will%20apply%20on%20devices%20with%20a%20password)%3C%2FLI%3E%0A%3CLI%3ESet%20%3CSTRONG%3EPassword%20expiration%20(days)%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3ESet%20%3CSTRONG%3ERequired%20password%20type%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3ESet%20%3CSTRONG%3EPrevent%20use%20of%20previous%20passwords%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EBlock%20%3CSTRONG%3ESmart%20Lock%20and%20other%20trust%20agents%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Config-camera.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F196847iD0F2BAAC3FE9064B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Config-camera.png%22%20alt%3D%22Config-camera.png%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Config-password.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F196850i8F9ACC3EBC322C11%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Config-password.png%22%20alt%3D%22Config-password.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ECompliance%20policy%20settings%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ESet%20%3CSTRONG%3ERequired%20password%20type%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3ESet%20%3CSTRONG%3EMinimum%20password%20length%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3ESet%20%3CSTRONG%3ENumber%20of%20days%20until%20password%20expires%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3ESet%20%3CSTRONG%3ENumber%20of%20previous%20passwords%20to%20prevent%20reuse%3C%2FSTRONG%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-30px%22%3E%3CSTRONG%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22compliance-password.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F196851iFB1D929A087AF5D4%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22compliance-password.png%22%20alt%3D%22compliance-password.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-43825494%22%20id%3D%22toc-hId-43825494%22%20id%3D%22toc-hId-43825494%22%20id%3D%22toc-hId-43825494%22%20id%3D%22toc-hId-43825494%22%20id%3D%22toc-hId-43825494%22%20id%3D%22toc-hId-43825494%22%20id%3D%22toc-hId-43825494%22%20id%3D%22toc-hId-43825494%22%20id%3D%22toc-hId-43825494%22%3E%3CSTRONG%3EAdditional%20impacts%20based%20on%20Android%20OS%20version%3CBR%20%2F%3E%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3E%3CSTRONG%3EAndroid%2010%3A%3C%2FSTRONG%3E%20For%20all%20device%20administrator%20managed%20devices%20(including%20Samsung)%20running%20Android%2010%20and%20later%2C%20Google%20has%20restricted%20the%20ability%20for%20device%20administrator%20management%20agents%20like%20Company%20Portal%20to%20access%20device%20identifier%20information.%20This%20restriction%20impacts%20the%20following%20Intune%20features%20after%20a%20device%20is%20updated%20to%20Android%2010%20or%20later%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ENetwork%20access%20control%20for%20VPN%20will%20no%20longer%20work%3C%2FLI%3E%0A%3CLI%3EIdentifying%20devices%20as%20corporate-owned%20with%20an%20IMEI%20or%20serial%20number%20won't%20automatically%20mark%20devices%20as%20corporate-owned%3C%2FLI%3E%0A%3CLI%3EThe%20IMEI%20and%20serial%20number%20will%20no%20longer%20be%20visible%20to%20IT%20admins%20in%20Intune%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSTRONG%3EAndroid%2011%3A%3C%2FSTRONG%3E%20We%20are%20currently%20testing%20Android%2011%20support%20on%20the%20latest%20developer%20beta%20release%20to%20evaluate%20if%20it%20will%20cause%20impact%20on%20device%20administrator%20managed%20devices.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1763628969%22%20id%3D%22toc-hId--1763628969%22%20id%3D%22toc-hId--1763628969%22%20id%3D%22toc-hId--1763628969%22%20id%3D%22toc-hId--1763628969%22%20id%3D%22toc-hId--1763628969%22%20id%3D%22toc-hId--1763628969%22%20id%3D%22toc-hId--1763628969%22%20id%3D%22toc-hId--1763628969%22%20id%3D%22toc-hId--1763628969%22%3E%3CSTRONG%3EUser%20experience%20of%20impacted%20settings%20on%20impacted%20devices%3CBR%20%2F%3E%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3EImpacted%20configuration%20settings%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EFor%20already%20enrolled%20devices%20that%20already%20had%20the%20settings%20applied%2C%20the%20impacted%20configuration%20settings%20will%20continue%20being%20enforced.%3C%2FLI%3E%0A%3CLI%3EFor%20newly%20enrolled%20devices%2C%20newly%20assigned%20settings%2C%20and%20updated%20settings%2C%20the%20impacted%20configuration%20settings%20will%20not%20be%20enforced%20(but%20all%20other%20configuration%20settings%20will%20still%20be%20enforced).%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EImpacted%20compliance%20settings%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EFor%20already%20enrolled%20devices%20that%20already%20had%20the%20settings%20applied%2C%20the%20impacted%20compliance%20settings%20will%20still%20show%20as%20reasons%20for%20noncompliance%20on%20the%20%E2%80%9CUpdate%20device%20settings%E2%80%9D%20page%2C%20the%20device%20will%20be%20out%20of%20compliance%2C%20and%20the%20password%20requirements%20will%20still%20be%20enforced%20in%20the%20Settings%20app.%3C%2FLI%3E%0A%3CLI%3EFor%20newly%20enrolled%20devices%2C%20newly%20assigned%20settings%2C%20and%20updated%20settings%2C%20the%20impacted%20compliance%20settings%20will%20still%20show%20as%20reasons%20for%20noncompliance%20on%20the%20%E2%80%9CUpdate%20device%20settings%E2%80%9D%20page%20and%20the%20device%20will%20be%20out%20of%20compliance%2C%20but%20stricter%20password%20requirements%20will%20not%20be%20enforced%20in%20the%20Settings%20app.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-723883864%22%20id%3D%22toc-hId-723883864%22%20id%3D%22toc-hId-723883864%22%20id%3D%22toc-hId-723883864%22%20id%3D%22toc-hId-723883864%22%20id%3D%22toc-hId-723883864%22%20id%3D%22toc-hId-723883864%22%20id%3D%22toc-hId-723883864%22%20id%3D%22toc-hId-723883864%22%20id%3D%22toc-hId-723883864%22%3E%3CSTRONG%3ECause%20of%20impact%3CBR%20%2F%3E%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3EDevices%20will%20begin%20being%20impacted%20in%20the%20fourth%20quarter%20of%202020.%20At%20that%20time%2C%20there%20will%20be%20a%20Company%20Portal%20app%20update%20that%20will%20increase%20the%20Company%20Portal%20API%20targeting%20from%20level%2028%20to%20level%2029%20(as%20%3CA%20href%3D%22https%3A%2F%2Fwww.blog.google%2Fproducts%2Fandroid-enterprise%2Fda-migration%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Erequired%20by%20Google%3C%2FA%3E).%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3EAt%20that%20point%2C%20device%20administrator%20managed%20devices%20that%20are%20not%20manufactured%20by%20Samsung%20will%20be%20impacted%20once%20the%20user%20completes%20both%20these%20actions%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EUpdates%20to%20Android%2010%20or%20later%3C%2FLI%3E%0A%3CLI%3EUpdates%20the%20Company%20Portal%20app%20to%20the%20version%20that%20targets%20API%20level%202%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1083570599%22%20id%3D%22toc-hId--1083570599%22%20id%3D%22toc-hId--1083570599%22%20id%3D%22toc-hId--1083570599%22%20id%3D%22toc-hId--1083570599%22%20id%3D%22toc-hId--1083570599%22%20id%3D%22toc-hId--1083570599%22%20id%3D%22toc-hId--1083570599%22%20id%3D%22toc-hId--1083570599%22%20id%3D%22toc-hId--1083570599%22%3E%3CSTRONG%3EWhat%20do%20I%20need%20to%20do%20to%20prepare%20for%20this%20change%3F%3CBR%20%2F%3E%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3ETo%20avoid%20the%20reduction%20in%20functionality%20coming%20in%20the%20fourth%20quarter%20of%202020%2C%20we%20recommend%20the%20following%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3ENew%20enrollments%3A%3C%2FSTRONG%3E%20Onboard%20new%20devices%20into%20-ERR%3AREF-NOT-FOUND-Android%20Enterprise%20management%20(where%20available)%20and%2For%20-ERR%3AREF-NOT-FOUND-app%20protection%20policies.%20Avoid%20onboarding%20new%20devices%20into%20device%20administrator%20management.%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EPreviously%20enrolled%20devices%3A%3C%2FSTRONG%3E%20If%20a%20device%20administrator%20managed%20device%20is%20running%20Android%2010%20or%20later%20or%20may%20update%20to%20Android%2010%20or%20later%20(especially%20if%20it%20is%20not%20a%20Samsung%20device)%2C%20move%20it%20off%20of%20device%20administrator%20management%20to%20-ERR%3AREF-NOT-FOUND-Android%20Enterprise%20management%20and%2For%20-ERR%3AREF-NOT-FOUND-app%20protection%20policies.%20You%20can%20leverage%20the%20streamlined%20flow%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fandroid-move-device-admin-work-profile%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Emove%20Android%20devices%20from%20device%20administrator%20to%20work%20profile%20management%3C%2FA%3E.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSTRONG%3EAdditional%20information%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fandroid-move-device-admin-work-profile%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMove%20Android%20devices%20from%20device%20administrator%20to%20work%20profile%20management%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fandroid-work-profile-enroll%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESet%20up%20enrollment%20of%20Android%20Enterprise%20work%20profile%20devices%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fandroid-kiosk-enroll%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESet%20up%20enrollment%20of%20Android%20Enterprise%20dedicated%20devices%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fandroid-fully-managed-enroll%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESet%20up%20enrollment%20of%20Android%20Enterprise%20fully%20managed%20devices%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fapps%2Fapp-protection-policies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EHow%20to%20create%20an%20assign%20app%20protection%20policies%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fapps%2Fmanage-without-gms%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EHow%20to%20use%20Intune%20in%20environments%20without%20Google%20Mobile%20Services%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fapps%2Fandroid-deployment-scenarios-app-protection-work-profiles%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EUnderstanding%20app%20protection%20policies%20and%20work%20profiles%20on%20Android%20Enterprise%20devices%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.blog.google%2Fproducts%2Fandroid-enterprise%2Fda-migration%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EGoogle%E2%80%99s%20blog%20about%20what%20you%20need%20to%20know%20about%20Device%20Admin%20deprecation%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Fstatic.googleusercontent.com%2Fmedia%2Fandroid.com%2Fen%2Fenterprise%2Fstatic%2F2016%2Fpdfs%2Fenterprise%2FAndroid-Enterprise-Migration-Bluebook_2019.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EGoogle's%20guidance%20for%20migration%20from%20device%20administrator%20to%20Android%20Enterprise%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdevelopers.google.com%2Fandroid%2Fwork%2Fdevice-admin-deprecation%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EGoogle's%20documentation%20of%20deprecated%20device%20administrator%20APIs%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1441935%22%20slang%3D%22en-US%22%3E%3CP%3ERead%20this%20post%20for%20more%20information%20on%20decreasing%20support%20for%20Android%20device%20administrator.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1441935%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAndroid%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAndroid%20Device%20Administrator%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMEM%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1445399%22%20slang%3D%22en-US%22%3ERe%3A%20Decreasing%20support%20for%20Android%20device%20administrator%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1445399%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20reiterating%20this.%20The%20timeline%20and%20impacts%2Fnon-impacts%20for%20the%20deprecation%20of%20Android%20Device%20Administrator%20management%20had%20been%20a%20tad%20confusing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegarding%20the%20Android%20Enterprise%20support%20caveat%20%22%3CSPAN%3E(for%20devices%20that%20can%20reliably%20connect%20to%20Google%20Mobile%20Services)%22%26nbsp%3B%E2%80%93%20is%20it%20on%20the%20roadmap%20for%20Intune%20to%20support%20Android%20Enterprise%20enrollment%20on%20devices%20that%20%3CEM%3Edo%20not%3C%2FEM%3E%20have%20access%20to%20Google%20Mobile%20Services%3F%20(AOSP%2C%20etc)%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3ESome%20other%20big-name%20MDMs%20can%20manage%20such%20devices.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1446028%22%20slang%3D%22en-US%22%3ERe%3A%20Decreasing%20support%20for%20Android%20device%20administrator%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1446028%22%20slang%3D%22en-US%22%3E%3CP%3EWill%20support%20for%20Android%20Enterprise%20be%20coming%20to%20Office%20365%20MDM%3F%20This%20only%20supports%20Android%20device%20administrator%20enrollment%20and%20will%20be%20affected%20by%20these%20changes.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1449378%22%20slang%3D%22en-US%22%3ERe%3A%20Decreasing%20support%20for%20Android%20device%20administrator%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1449378%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20about%20non-Samsung%20devices%20that's%20used%20in%20China.%20Since%20Android%20Enterprise%20is%20not%20available%20there%2C%20how%20are%20we%20tackling%20this%20issue%20for%20China%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1449648%22%20slang%3D%22en-US%22%3ERe%3A%20Decreasing%20support%20for%20Android%20device%20administrator%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1449648%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F691377%22%20target%3D%22_blank%22%3E%40tmaguire%3C%2FA%3E%2C%20there%20are%20no%20current%20plans%20for%20Microsoft%20365%20Mobile%20Device%20Management%20to%20support%20Android%20Enterprise%20support%2C%20as%20the%20current%20supported%20device%20types%20for%20MDM%20for%20Microsoft%20365%20are%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Foffice%2Fcapabilities-of-built-in-mobile-device-management-for-microsoft-365-a1da44e5-7475-4992-be91-9ccec25905b0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eavailable%20here%3C%2FA%3E.%20If%20you'd%20like%20to%20start%20managing%20Android%20Enterprise%20devices%20you%20may%20want%20to%20consider%20moving%20to%20Intune.%20You%20can%20learn%20more%20about%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Ffundamentals%2Fwhat-is-intune%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EIntune%20here%3C%2FA%3E%26nbsp%3Band%20you%20can%20start%20enrolling%20Android%20Enterprise%20devices%20in%20a%20few%20ways%20listed%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fandroid-enroll%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%20Hope%20this%20helps!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1450337%22%20slang%3D%22en-US%22%3ERe%3A%20Decreasing%20support%20for%20Android%20device%20administrator%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1450337%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20use%20Samsung%20devices%20because%20of%20the%20smooth%20management%20by%20Intune%20through%20the%20device%20management.%20Are%20there%20any%20plans%20or%20schedules%2C%20then%20it%20won't%20work%20with%20Samsung%20either%3F%20All%20other%20management%20methods%20via%20Android%20Enterprise%2FWorking%20Profile%20or%20mam%20policies%20do%20not%20meet%20our%20business%20needs.%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20we%20are%20currently%20staying%20with%20the%20android%20device%20management%20for%20the%20moment.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1452356%22%20slang%3D%22en-US%22%3ERe%3A%20Decreasing%20support%20for%20Android%20device%20administrator%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1452356%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F262325%22%20target%3D%22_blank%22%3E%40florianH%3C%2FA%3E%2C%20thanks%20for%20the%20feedback.%20There%20are%20no%20current%20plans%20to%20end%20support%20on%20Samsung%20devices.%20For%20any%20future%20Intune%20changes%20and%20features%20-%20We%E2%80%99ll%20be%20communicating%20these%20notices%20in%20advance%20within%20the%20Message%20Center%20as%20well%20as%20an%20posting%20an%20update%20within%20our%20%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fmem%252Fintune%252Ffundamentals%252Fin-development%2523notices%26amp%3Bdata%3D02%257C01%257CMax.Stein%2540microsoft.com%257C1b3c8d9d90de4e30436808d80cb2f236%257C72f988bf86f141af91ab2d7cd011db47%257C0%257C0%257C637273309995399956%26amp%3Bsdata%3DyIx4s5SUQp3z64XuQJ3lLqUzgdVUdEUW%252B9B%252FF7mym3I%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EIntune%20-%20Notices%3C%2FA%3E%20docs.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1452403%22%20slang%3D%22en-US%22%3ERe%3A%20Decreasing%20support%20for%20Android%20device%20administrator%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1452403%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F693162%22%20target%3D%22_blank%22%3E%40chetan19871%3C%2FA%3E%2C%26nbsp%3BAndroid%20Enterprise%20is%20not%20available%20in%20China.%20We%E2%80%99re%20continuing%20to%20evaluate%20our%20Android%20management%20options%20in%20China.%3C%2FP%3E%3C%2FLINGO-BODY%3E

Android device administrator management was released in Android 2.2 as a way to manage Android devices. Then beginning with Android 5, the more modern management framework of Android Enterprise was released (for devices that can reliably connect to Google Mobile Services). Google is encouraging movement off of device administrator management by decreasing its management support in new Android releases.

 

How does this affect me?

Because of these changes by Google, in the fourth quarter of 2020, you will no longer have as extensive management capabilities on impacted device administrator managed devices.

 

Note: This date was previously communicated as third quarter of 2020, but it has been moved out based on the latest information from Google.

 

Device types that will be impacted

Devices that will be impacted by the decreasing device administrator support are those for which all three conditions below apply:

  • Enrolled in device administrator management
  • Running Android 10 or later
  • Not a Samsung device

Devices will not be impacted if they are any of the below:

  • Not enrolled with device administrator management
  • Running an Android version below Android 10
  • Samsung devices (Samsung Knox devices won't be impacted in this timeframe because extended support is provided through Intune’s integration with the Knox platform. This gives you additional time to plan the transition off device administrator management for Samsung devices.)

 

Settings that will be impacted

Google's decreased device administrator support prevents configuration of these settings from applying on impacted devices.

 

Configuration profile device restrictions settings:

  • Block Camera
  • Set Minimum password length
  • Set Number of sign-in failures before wiping device (will not apply on devices without a password set, but will apply on devices with a password)
  • Set Password expiration (days)
  • Set Required password type
  • Set Prevent use of previous passwords
  • Block Smart Lock and other trust agents

Config-camera.pngConfig-password.png

 

 

Compliance policy settings

  • Set Required password type
  • Set Minimum password length
  • Set Number of days until password expires
  • Set Number of previous passwords to prevent reuse

compliance-password.png

 

 

Additional impacts based on Android OS version

Android 10: For all device administrator managed devices (including Samsung) running Android 10 and later, Google has restricted the ability for device administrator management agents like Company Portal to access device identifier information. This restriction impacts the following Intune features after a device is updated to Android 10 or later:

  • Network access control for VPN will no longer work
  • Identifying devices as corporate-owned with an IMEI or serial number won't automatically mark devices as corporate-owned
  • The IMEI and serial number will no longer be visible to IT admins in Intune

Android 11: We are currently testing Android 11 support on the latest developer beta release to evaluate if it will cause impact on device administrator managed devices.

User experience of impacted settings on impacted devices

Impacted configuration settings:

  • For already enrolled devices that already had the settings applied, the impacted configuration settings will continue being enforced.
  • For newly enrolled devices, newly assigned settings, and updated settings, the impacted configuration settings will not be enforced (but all other configuration settings will still be enforced).

Impacted compliance settings:

  • For already enrolled devices that already had the settings applied, the impacted compliance settings will still show as reasons for noncompliance on the “Update device settings” page, the device will be out of compliance, and the password requirements will still be enforced in the Settings app.
  • For newly enrolled devices, newly assigned settings, and updated settings, the impacted compliance settings will still show as reasons for noncompliance on the “Update device settings” page and the device will be out of compliance, but stricter password requirements will not be enforced in the Settings app.

Cause of impact

Devices will begin being impacted in the fourth quarter of 2020. At that time, there will be a Company Portal app update that will increase the Company Portal API targeting from level 28 to level 29 (as required by Google).

At that point, device administrator managed devices that are not manufactured by Samsung will be impacted once the user completes both these actions:

  • Updates to Android 10 or later
  • Updates the Company Portal app to the version that targets API level 2

 

What do I need to do to prepare for this change?

To avoid the reduction in functionality coming in the fourth quarter of 2020, we recommend the following:

Additional information

7 Comments
Senior Member

Thank you for reiterating this. The timeline and impacts/non-impacts for the deprecation of Android Device Administrator management had been a tad confusing.

 

Regarding the Android Enterprise support caveat "(for devices that can reliably connect to Google Mobile Services)" – is it on the roadmap for Intune to support Android Enterprise enrollment on devices that do not have access to Google Mobile Services? (AOSP, etc) Some other big-name MDMs can manage such devices.

Occasional Visitor

Will support for Android Enterprise be coming to Office 365 MDM? This only supports Android device administrator enrollment and will be affected by these changes.

Occasional Visitor

What about non-Samsung devices that's used in China. Since Android Enterprise is not available there, how are we tackling this issue for China?

Hi @tmaguire, there are no current plans for Microsoft 365 Mobile Device Management to support Android Enterprise support, as the current supported device types for MDM for Microsoft 365 are available here. If you'd like to start managing Android Enterprise devices you may want to consider moving to Intune. You can learn more about Intune here and you can start enrolling Android Enterprise devices in a few ways listed here. Hope this helps!

Regular Visitor

We use Samsung devices because of the smooth management by Intune through the device management. Are there any plans or schedules, then it won't work with Samsung either? All other management methods via Android Enterprise/Working Profile or mam policies do not meet our business needs. 

So we are currently staying with the android device management for the moment.

Hi @florianH, thanks for the feedback. There are no current plans to end support on Samsung devices. For any future Intune changes and features - We’ll be communicating these notices in advance within the Message Center as well as an posting an update within our Intune - Notices docs.

Hi @chetan19871, Android Enterprise is not available in China. We’re continuing to evaluate our Android management options in China.