Blog Post

Intune Customer Success
2 MIN READ

Intune APP now available for Android Enterprise dedicated devices in shared mode and AOSP devices

Intune_Support_Team's avatar
Jun 30, 2022

By Ileana Wu – Sr Product Manager | Microsoft Endpoint Manager – Intune

We’re pleased to announce that Microsoft Intune app protection policies (APP, also known as MAM) is now available for some additional Android device types:

  • Intune-managed Android Enterprise dedicated devices enrolled with Azure Active Directory (Azure AD) shared device mode
  • Android Open Source Project (AOSP) devices

Note: Intune APP is still unsupported for Intune-managed Android Enterprise dedicated devices that are not enrolled in Azure AD shared device mode. For more information, see: App protection experience for Android devices.

Device type overview

Android Enterprise dedicated devices are corporate-owned, kiosk-style devices intended for a specific tasks, such as digital signage, ticket printing, or inventory management. Admins can lock down these devices to a limited set of apps and enroll them in Intune without a user account or association to any specific user. During enrollment, you can choose to configure Android Enterprise dedicated devices in Azure AD shared device mode, which enables single sign-on (SSO) and single sign-out across participating applications. For more information, see: Enroll Android Enterprise dedicated devices into Azure AD Shared device mode.


AOSP devices are corporate-owned devices built on the Android Open Source Project (AOSP) platform that aren’t integrated with Google Mobile Services (GMS). AOSP offers two management modes, one for user-associated devices and one for devices enrolled without any user association. Intune enrollment for AOSP devices is in public preview. For more information, see:

App protection policies for Shared device mode and AOSP

With this new capability, you can target your app protection policies to apps on Intune-managed Android Enterprise dedicated devices (in shared device mode) and AOSP devices, which provides more granular management and protection of your organization’s data.

 

When you create or modify APP in the Microsoft Endpoint Manager admin center, you will see new options available in the Device types drop-down menu:

  • Android Enterprise dedicated devices with Azure AD Shared mode
  • AOSP user-less devices
  • AOSP user-associated devices

 

Target app protection policies to specific device types in Microsoft Endpoint Manager admin center

 

With this new availability, existing policies with Target to apps on all device types set to Yes will now automatically include AOSP devices and Android dedicated devices in Azure AD shared device mode. If desired, you can update these policies to select which of these device types you want to receive the policy.

 

If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter.

Updated Jun 30, 2022
Version 1.0
  • Hi Intune_Support_Team ,

     

    Most urging question is when will there be more supported apps other than Teams and managed home screen. For Intune-managed Android Enterprise dedicated devices enrolled with Azure Active Directory (Azure AD) shared device mode?

     

    And when is Android version 12 fully compatible with Intune-managed Android Enterprise dedicated devices enrolled with Azure Active Directory (Azure AD) shared device mode?

     

    Kind regards. 🙂

  • BrianKorrow's avatar
    BrianKorrow
    Brass Contributor

    Step in the right direction. It would be nice to not have the apps in shared AAD mode display that they are under management, as it’s an unnecessary impediment to the user experience, but it worked as expected. I did notice that edge browser lost the settings on one occasion that required a sign out and back in to the shared mode, but I have not been able to reproduce. Could’ve been a one off.