Keeping frontline workers digitally connected is a strategic differentiator for many organizations. They need the tools and resources to be productive.
Microsoft is pleased to announce the ability to manage devices that run on Android Open Source Project (AOSP) in a Microsoft Endpoint Manager public preview. With an increasing number of these purpose-built, mobile devices used by workers in the enterprise on the frontline, organizations need an easy way to enable workers to safely use collaboration and productivity apps, like Teams, while protecting company data that is shared when performing critical workflows.
RealWear is the first Android (AOSP) device that will be supported by Endpoint Manager for corporate AOSP management. With the Teams integration on RealWear devices announced last year, Microsoft customers can add RealWear devices to their digital estate at scale and use the Endpoint Manager to manage and protect the endpoint experience for their frontline workers in the same place that they manage endpoints for their information workers.
Devices that run Android (AOSP) do not have access to Google Mobile Services (GMS) – such as the Google Play store and capabilities delivered in Google’s Android Enterprise management offering -- and therefore require a new management approach in Microsoft Endpoint Manager.
Endpoint Manager is a market leader in providing unified, cross platform cloud management of devices used by workers in remote or hybrid work environments as well as those on the frontline.
Today, Endpoint Manager currently supports the following Android device management methods:
Without support from Endpoint Manager, organizations will not be able to bring AOSP devices into their device management fold. The launch of AOSP management for corporate devices will help bring the specialty, or purpose-built devices, used on the frontline and across the organization together in one cloud connected platform with their other mobile and desktop endpoints.
Microsoft is launching support for managing Android (AOSP) in preview in the 2110 release of Endpoint Manager. This includes:
With the new AOSP management option for corporate devices, the device can either be provisioned as a device assigned to a single user (or a user-associated) device or as a shared device. This is important because it gives organizations the flexibility about how they deploy the device. For example, for RealWear devices, these devices can now be deployed to allow a fleet of frontline workers who may work at a common location to share devices. This may reduce the total cost of endpoint ownership. Alternatively, RealWear devices can be provisioned for single use should the frontline workers be widely dispersed, enabling each worker to effectively complete their specific tasks when required and providing organizations the choice on how to securely manage the device.
In both scenarios, you can create multiple enrollment profiles with unique tokens. The enrollment profile will allow you to include the network needed to initiate and complete provisioning.
Once the profile has been created, the QR code can be retrieved and sent to the end user to complete the provisioning. The end-to-end experience is aligned with how other corporate Android devices are provisioned in Endpoint Manager today.
End user enrollment
During the first run experience on the RealWear device, the end user will be guided to scan the admin-provided QR code and to accept the prompt to continue the enrollment process.
After the end user accepts and starts the enrollment process, the Microsoft Intune app and the Microsoft Authenticator app are downloaded to the device and the user is guided through the provisioning experience. As illustrated below, the Microsoft experience for AOSP management ensures a shared device can be easily registered and provisioned without requiring any user credentials, allowing the device to be managed in a user-agnostic fashion.
During the entire process, the user will be locked into the Intune provisioning flow until registration and enrollment are complete. This ensures that no corporate data is accessed on the device before it is managed. This also prevents end user confusion if management policies interrupt or disrupt an ongoing session, resulting in a better end to end experience. Once provisioning is complete, the user can access the RealWear home screen.
Device Configuration and Compliance
Endpoint Manager also provides flexibility to manage Android (AOSP) devices independent of how they manage devices with other Android device management modes. This means that they can configure the Android (AOSP) devices in a way that is compliant based on their policies and practices for data protection for specific user scenarios and specialty device use without impacting policies created for scenarios that use Android Device Administrator and Android Enterprise managed devices.
For example, organizations can apply compliance policies to ensure that only RealWear devices with have a minimum approved OS version of at least Android 10.0 can access corporate data.
Additionally, the organization can configure the device to block Bluetooth on the device or prevent the user from factory resetting the device on their own.
Consistent approach to endpoint management
Once a device is enrolled it can be managed from the Endpoint Manager portal. This means that Android AOSP devices will be included in the “All Devices” inventory in the Endpoint Manager portal. With filters, administrators can choose to selectively view just the Android AOSP devices.
Additionally, Endpoint Manager allows the administrator to see the device properties and provides access to remote actions, such as Wipe and Delete, for added protection of potentially sensitive information.
There are a few scenarios not yet supported in this preview release but will be completed when we roll this capability out for general availability, including:
At present, RealWear devices (running Android 10.0 or later) are the only supported devices for AOSP management in Endpoint Manager. We are working to expand the portfolio of supported devices and will share more details as appropriate. We are committed to empowering organizations to support a wide variety of workloads and user scenarios in new ways. For example, many virtual or augmented reality devices also run AOSP. With endpoint management, onsite training scenarios or remote assistance for technicians across dispersed locations can be delivered in a way that is configured and deployed to meet the evolving need for single and shared use specialty devices.
You can try out the new capabilities to manage your RealWear devices running Android (AOSP) knowing that you have the full support from Microsoft. To learn how to provision and configure AOSP devices, documentation is available here. For more information on the Endpoint Manager public preview program, check out our Public preview overview in Microsoft Intune documentation page.
As always, we want to hear from you!
You can let us know about your Endpoint Manager and Android AOSP corporate device experiences through comments on this blog post or reach out to @IntuneSuppTeam on Twitter. Tweet your feedback about Microsoft Endpoint using the hashtag #MEMpowered. Keep up with ongoing developments on Endpoint Manager by following the Microsoft Endpoint Manager Blog and @MSIntune on Twitter.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.