By Ileana Wu – Sr Product Manager | Microsoft Endpoint Manager – Intune
We’re pleased to announce that Microsoft Intune app protection policies (APP, also known as MAM) is now available for some additional Android device types:
Note: Intune APP is still unsupported for Intune-managed Android Enterprise dedicated devices that are not enrolled in Azure AD shared device mode. For more information, see: App protection experience for Android devices.
Android Enterprise dedicated devices are corporate-owned, kiosk-style devices intended for a specific tasks, such as digital signage, ticket printing, or inventory management. Admins can lock down these devices to a limited set of apps and enroll them in Intune without a user account or association to any specific user. During enrollment, you can choose to configure Android Enterprise dedicated devices in Azure AD shared device mode, which enables single sign-on (SSO) and single sign-out across participating applications. For more information, see: Enroll Android Enterprise dedicated devices into Azure AD Shared device mode.
AOSP devices are corporate-owned devices built on the Android Open Source Project (AOSP) platform that aren’t integrated with Google Mobile Services (GMS). AOSP offers two management modes, one for user-associated devices and one for devices enrolled without any user association. Intune enrollment for AOSP devices is in public preview. For more information, see:
With this new capability, you can target your app protection policies to apps on Intune-managed Android Enterprise dedicated devices (in shared device mode) and AOSP devices, which provides more granular management and protection of your organization’s data.
When you create or modify APP in the Microsoft Endpoint Manager admin center, you will see new options available in the Device types drop-down menu:
Target app protection policies to specific device types in Microsoft Endpoint Manager admin center
With this new availability, existing policies with Target to apps on all device types set to Yes will now automatically include AOSP devices and Android dedicated devices in Azure AD shared device mode. If desired, you can update these policies to select which of these device types you want to receive the policy.
If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.