By Ileana Wu – Sr Product Manager | Microsoft Endpoint Manager – Intune
We’re pleased to announce that Microsoft Intune app protection policies (APP, also known as MAM) are now available for some additional Android device types:
- Intune-managed Android Enterprise dedicated devices enrolled with Azure Active Directory (Azure AD) shared device mode
- Android Open Source Project (AOSP) devices
Note: Intune APP is still unsupported for Intune-managed Android Enterprise dedicated devices that are not enrolled in Azure AD shared device mode. For more information, see: App protection experience for Android devices.
Device type overview
Android Enterprise dedicated devices are corporate-owned, kiosk-style devices intended for specific tasks, such as digital signage, ticket printing, or inventory management. Admins can lock down these devices to a limited set of apps and enroll them in Intune without a user account or association to any specific user. During enrollment, you can choose to configure Android Enterprise dedicated devices in Azure AD shared device mode, which enables single sign-on (SSO) and single sign-out across participating applications. For more information, see: Enroll Android Enterprise dedicated devices into Azure AD Shared device mode.
AOSP devices are corporate-owned devices built on the Android Open Source Project (AOSP) platform that aren’t integrated with Google Mobile Services (GMS). AOSP offers two management modes, one for user-associated devices and one for devices enrolled without any user association. Intune enrollment for AOSP devices is in public preview. For more information, see:
- Microsoft adds Android Open Source Project device management
- Set up Android (AOSP) device management in Intune for corporate-owned user-associated devices
- Set up Intune enrollment for Android (AOSP) corporate-owned userless devices
App protection policies for Shared device mode and AOSP
With this new capability, you can target your app protection policies to apps on Intune-managed Android Enterprise dedicated devices (in shared device mode) and AOSP devices, which provides more granular management and protection of your organization’s data.
When you create or modify APP in the Microsoft Endpoint Manager admin center, you will see new options available in the Device types drop-down menu:
- Android Enterprise dedicated devices with Azure AD Shared mode
- AOSP user-less devices
- AOSP user-associated devices
Target app protection policies to specific device types in Microsoft Endpoint Manager admin center
With this new availability, existing policies that have "Target to apps on all device types" set to "Yes" will now automatically include AOSP devices and Android dedicated devices in Azure AD shared device mode. If desired, you can update these policies to select which of these device types receive the policy.
If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter.