Android Enterprise dedicated devices are corporate-owned, kiosk-style devices intended for a specific tasks, such as digital signage, ticket printing, or inventory management. Admins can lock down these devices to a limited set of apps and enroll them in Intune without a user account or association to any specific user. During enrollment, you can choose to configure Android Enterprise dedicated devices in Azure AD shared device mode, which enables single sign-on (SSO) and single sign-out across participating applications. For more information, see: Enroll Android Enterprise dedicated devices into Azure AD Shared device mode.
AOSP devices are corporate-owned devices built on the Android Open Source Project (AOSP) platform that aren’t integrated with Google Mobile Services (GMS). AOSP offers two management modes, one for user-associated devices and one for devices enrolled without any user association. Intune enrollment for AOSP devices is in public preview. For more information, see:
App protection policies for Shared device mode and AOSP
With this new capability, you can target your app protection policies to apps on Intune-managed Android Enterprise dedicated devices (in shared device mode) and AOSP devices, which provides more granular management and protection of your organization’s data.
Android Enterprise dedicated devices with Azure AD Shared mode
AOSP user-less devices
AOSP user-associated devices
Target app protection policies to specific device types in Microsoft Endpoint Manager admin center
With this new availability, existing policies with Target to apps on all device types set to Yes will now automatically include AOSP devices and Android dedicated devices in Azure AD shared device mode. If desired, you can update these policies to select which of these device types you want to receive the policy.
If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter.