Microsoft Intune support for Android Enterprise fully managed devices is now generally available

Published Sep 23 2019 03:00 AM 58.6K Views
Microsoft

(This post is co-authored by Priya Ravichandran, Senior Program Manager, Microsoft 365) 

 

We are pleased to announce that Microsoft Intune support for Android Enterprise fully managed devices is now generally available.

 

Android Enterprise fully managed is one of the “device owner” management scenarios in the Android Enterprise solution set. This scenario enables user productivity on corporate devices while allowing IT admins to manage capabilities needed by the organization. We have seen an overwhelming uptake of this management capability throughout the multiple phases of public preview making this the most widely adopted preview for Android management thus far. In preview, we have tens of thousands of devices across global customers already using it configure and manage their Android devices. In addition to this extensive adoption, we have received significant feedback from the community and customers alike. With this release, customers can deliver a high quality and feature-rich productivity scenario for users on corporate-owned devices while maintaining an extended set of policy controls over the devices.

Onboarding a fully managed device

Intune supports popular provisioning technologies with Android Enterprise devices running Android 6.0 and later, including:

  • Knox Mobile Enrollment
  • NFC
  • QR Code
  • Token Entry
  • Zero Touch Enrollment

Deploying fully managed devices start when a new device is acquired and unboxed, or an existing device is factory reset. Using Intune’s enrollment token with your preferred choice of deployment technology, the fully managed provisioning workflow will launch the out of the box experience (OOBE) that will then guide the user though the necessary steps to complete the onboarding process.

 

Once the user enters their corporate credentials, the onboarding process starts with guiding the user through the process of setting up a device PIN based on the organization policy. Having this set up during OOBE ensures that the device is protected against misuse from the start.          

clipboard_image_14.png

Figure 1: Fully managed OOBE guides user to set up PIN

 

OOBE will automatically download the Microsoft Intune app, Microsoft Authenticator app and the Microsoft Intune Company Portal app. Additionally, the user is also made aware of the full list of required apps that the organization is pushing to their device, making the process more transparent to the end user.

clipboard_image_15.png

 

Figure 2: OOBE installs the two required apps and shows the user the rest of the mandatory apps being installed

 

Since the download of these additional apps start immediately in the background, the user gets a head start having the right tools for the job.

 

The final piece of the OOBE is registering the device with Azure Active Directory. Device registration during OOBE ensures that the device is compliant with the organization’s requirements before being able to access any corporate resources on the device.

clipboard_image_16.png

Figure 3: User starts device registration in OOBE

  

clipboard_image_17.png

      

Figure 4: Device registration completes during OOBE

  

At the end of the onboarding workflow, the user now has a device that has all the policies and apps they need to be productive and secure.

Multi Factor Authentication with fully managed devices

Multi Factor Authentication (MFA) is a key part of the authentication process for many organizations. With this GA release, the fully managed device will be able to support MFA policies that have been put in place by the organization.

Configuring certificates and resource access policies

On a fully managed device, you can deploy both root certificates and SCEP certificates for authentication. Along with certificate profiles, resource access profiles are also now supported with the full spectrum of authentication options. Email, Wi-Fi and VPN profiles can also be created to leverage the certificate profiles needed for your organization.

 

This support allows your organization to determine which resources are used on a device and how the user can authenticate before using it. For example, you can allow a device to use a specific Wi-Fi profile and authenticate with a certificate that has been pushed to the device, in this case a SCEP certificate you deployed.

Enabling corporate and personal applications on the device

On a fully managed device, Intune provides a locked down approach to apps. By preventing the sideloading of apps on the device, the device maintains its security posture. Organizations do not have to enable installing apps from untrusted sources, which is a concern with the previous device administrator management mode. To ensure that only apps from approved sources are installed on the device, organizations can leverage the Managed Google Play store to distribute corporate apps to managed devices.

 

An organization may deploy additional policies to allow users to install other apps from the public Play store on the device, if they wish to, allowing users to personalize their work device. By default, access to the public Play store is blocked on a fully managed device.

clipboard_image_18.png

Figure 5:Enabling end user access to the consumer store on fully managed devices

System applications

System apps – like the camera and the dialer – are key apps that are required by many organizations for their users to do their jobs as expected. Intune enables granular control over system apps on Android Enterprise corporate devices. Admins can manage system apps at the package level to ensure that only key apps needed for productivity are enabled on the device, excluding other system apps that are not relevant to the organization. 

Blog Figure 06.png

Figure 6: Adding and managing system apps - like the Samsung Clock app - on fully managed devices

 

In addition, since these are post-provisioning policy deployments, the list of enabled system apps can be adjusted over the life of the device to meet the organization’s needs.  

Configuration and compliance

The fully managed device supports all the Android Enterprise Device Owner settings offered in the Intune console. Additionally, Intune now supports the ability to create compliance policies on fully managed devices, including:

  • Support for enforcement of PIN complexity requirements
  • Support for specifying a threat level threshold for the device and leveraging Mobile Threat Defense providers
  • Support for SafetyNet Attestation, which will incorporate the jailbreak detection as well.

As with other Intune managed devices, when a device does not meet the compliance requirements, the user is notified and provided with guidelines on how to mitigate the issue. For fully managed devices, end user experiences are now surfaced in the new Microsoft Intune app.

Redesigned end user experience in the Microsoft Intune app

This new modern and light-weight app, simply called ‘Microsoft Intune’, enables the experiences that end users know and love in the Company Portal app for fully managed devices, including managing compliance for their devices, getting support from their organization, and viewing notifications.

 

 

clipboard_image_20.png

   

Figure 7: View devices, update settings when needed, and view notifications

 

clipboard_image_21.png

  

Figure 8: Get support when needed, view organizational terms, and view user profile

 

The latest release of Microsoft Intune app for Android has the following updates:

  • Improved layout with bottom navigation for the most important actions.
  • Added an additional page that shows the user's profile.
  • Added the display of actionable notifications in the app to inform the user, such as the need to update their device settings.
  • Added the display of custom push notifications, aligning the app with the support recently added in the Company Portal app for iOS and Android.

Today, this new app is only for the fully managed scenario; in all other Android management scenarios, Company Portal will continue to be the end user app.

App protection policies

Intune app protection policies are wholly supported on fully managed devices, at parity with support on other platforms. The Microsoft Company Portal is automatically deployed in the background to enable the additional layer compliance control.

 

OEMConfig support

Intune has full support for the OEMConfig framework, including an intuitive configuration designer UI that allows organizations to easily leverage supported OEM-specific settings on their fully managed devices. For more details, see this blog post on the OEMConfig configuration designer or refer to the Intune documentation on OEMConfig.

 

Microsoft Launcher for Enterprises

Another key aspect of managing a corporate device – like a Fully Managed device – is to ensure that all end users have a consistent home screen experience on the device. This includes being able to clearly brand the device as well as ensure that the key apps needed for their role are accessible and discoverable on the device. The Microsoft Launcher is a key partner in enabling this well-defined end user experience on corporate devices.  When the Microsoft Launcher is deployed to a device, the Launcher is able to detect that the device is a corporate device and will then enable enforce any app config settings that the admin has specified. This includes being able to set a device wallpaper as well as the list and order of applications on the home screen.

clipboard_image_22.png

Figure 9 Microsoft Launcher home screen experience on work-managed Android device

While the launcher configuration is currently only exposed via the App config workflow, we are partnering with the Microsoft Launcher team to deliver a first class configuration experience in the Intune Admin Console – to match the experience that is available for the Managed Home Screen today. Watch this space for updates.

 

Next steps

We’re excited to share this milestone with our Microsoft Intune customers who can now deliver a premier manageability and security experience to their end users on Android Enterprise devices. As we continue to innovate on the Android Enterprise platform, we look forward to your ongoing usage and feedback.

Fully managed support is the next step in Intune's commitment to full Android Enterprise support. Also look for new support for private publishing within the Intune console, as well as web link support launching at the same time as Fully managed.  We're committed to a full set of Android Enterprise scenarios that meet high standards of manageability and privacy, so stay tuned for more on this in the coming months.

 

Learn more

Documentation:

Previous blogs in this series:

 

 

More info and feedback

Learn how to get started with Microsoft Intune with our detailed technical documentation. Don’t have Microsoft Intune? Start a free trial or buy a subscription today!

 

As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page.

 

Follow @MSIntune on Twitter

101 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-870358%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870358%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20there%20any%20possibilities%20for%20data-seperation%3C%2FP%3E%3CP%3Eto%20protect%20managed%20data%20from%20unmanged%20Apps%20Like%20WhatsApp%3F%20Like%20iOS%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870430%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870430%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F2372%22%20target%3D%22_blank%22%3E%40Patrick%20Boeck%3C%2FA%3E%26nbsp%3BIntune%20App%20Protection%20Policies.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870491%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870491%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20plans%20for%20backup%2Frestore%20functionality%3F%20-%20It%20appears%20to%20be%20greyed%20out%20%26amp%3B%20blocked.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20users%20that%20don't%20want%20to%20factory%20reset%20their%20devices%20(in%20order%20to%20enroll%20into%20fully%20managed)%20as%20they%20have%20data%20that%20they%20want%20to%20be%20backed%20up%20and%20then%20restored%20into%20the%20fully%20managed%20solution.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOur%20usual%20method%20of%20using%20Samsung%20smart%20switch%20is%20blocked%20by%20fully%20managed%20and%20I%20can't%20see%20any%20obvious%20configuration%20settings%20in%20Intune%20relating%20to%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870599%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870599%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20the%20Intune%20app%20for%20Android%20only%20used%20for%20corporate%20owned%20devices%3F%20Using%20an%20enrolled%20personal%20device%2C%20Intune%20says%20%22Your%20account%20is%20configured%20to%20use%20the%20Company%20Portal%20app%20instead.%22%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870177%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870177%22%20slang%3D%22en-US%22%3E%3CP%3EHave%20enrolled%20some%20devices%20as%20fully%20managed%20user%20device%2C%20it%20looks%20fine%20at%20the%20moment.%3C%2FP%3E%3CP%3EConfiguration%20policies%20are%20applied%2C%20Compliance%20policies%20are%20checked%20and%20apps%20deployed.%3CBR%20%2F%3EThe%20enrollment%20experience%20is%20much%20better%20as%20during%20the%20previews.%20So%20it%20looks%20good%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870678%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870678%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F413714%22%20target%3D%22_blank%22%3E%40chuffman%3C%2FA%3E%26nbsp%3BYes%20that%60s%20correct.%3CBR%20%2F%3EUsing%20a%20personal%20device%20to%20enroll%2C%20than%20you%20need%20to%20install%20the%20Company%20portal%20app.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870934%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870934%22%20slang%3D%22en-US%22%3E%3CP%3EWhile%20testing%2C%20I%20received%20the%20prompt%20for%20MFA%20twice%20during%20setup.%20Once%20while%20signing-in%20to%20Chrome%20to%20start%20the%20web-enrollment%2C%20and%20a%20second%20time%20while%20signing-in%20to%20Microsoft%20Intune%20to%20register%20the%20device.%20Is%20there%20anyway%20to%20not%20require%20the%20second%20MFA%20prompt%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871481%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871481%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F254026%22%20target%3D%22_blank%22%3E%40eglockling%3C%2FA%3E%26nbsp%3BI%20had%20similar%20experience%20during%20the%20preview%20phase%2C%20but%20not%20when%20I%20enrolled%20a%20few%20devices%20Yesterday%20in%20GA.%20Sign%20in%20to%20the%20Intune%20app%20was%20a%20SSO%20experience%2C%20no%20username%2C%20no%20password%20and%20no%20MFA%20prompt.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871551%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871551%22%20slang%3D%22en-US%22%3E%3CP%3ENice%20it's%20finally%20in%20GA%20but%20I%20think%20it's%20safe%20to%20say%20that%20SCEP%20profiles%20are%20not%20working.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20trying%20to%20deploy%20a%20user%20cert%20we%20get%3A%3C%2FP%3E%3CP%3ECould%20not%20connect%20to%20any%20NDES%20server%26nbsp%3B%20%26nbsp%3B----Update%20event%20received%3A%20CertAcquireFailedEvent(retryable%3Dtrue%2C%20exception%3Dnull%2C%20failureType%3DNoValidNdesServer%26nbsp%3B%20----%20Update%20effects%20dispatched.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETrying%20to%20create%20a%20device%20cert%20profile%20it%20throws%20an%20error%20saying%20that%20SAN%20is%20null%20even%20though%20it's%20not.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871639%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871639%22%20slang%3D%22en-US%22%3E%3CP%3EAnyone%20who%20was%20already%20successful%20publishing%20a%26nbsp%3BManaged%20Google%20Play%20private%20(LOB)%20app%20via%20Intune%3F%3CBR%20%2F%3EI%20constantly%20receive%20the%20error%3A%26nbsp%3BUpload%20a%20new%20APK%20file%20with%20a%20different%20package%20name%3CBR%20%2F%3EAlready%20removed%20the%20numbers%20and%20space%20out%20of%20the%20package%20name%2C%20without%20any%20result.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871675%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871675%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310475%22%20target%3D%22_blank%22%3E%40almennn%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20having%20issues%20with%20SCEP%20certs%2C%20have%20call%20in%20with%20MS%20and%20working%20through%20it%20at%20the%20moment.%20IOS%20and%20Android%20device%20adminstrator%20scep%20certificate%20working%20fine%20without%20issue%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871872%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871872%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20also%20wondering%20about%20backup%20and%20restore%20functionality.%20Are%20there%20any%20plans%20to%20enable%20this%3F%20I'm%20not%20able%20to%20restore%20from%20my%20personal%20google%20account%20when%20enrolled%20with%20Android%20Enterprise.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-872150%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-872150%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226229%22%20target%3D%22_blank%22%3E%40Adrian%20Bishop%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPost%20an%20update%20regarding%20SCEP%20when%20done.%20Interesting%20to%20know%20if%20it's%20an%20easy%20fix%20or%20if%20we%20have%20to%20wait.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-874011%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-874011%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EGlad%20to%20hear%20about%20the%20update%20-%20SCEP%20profiles%20are%20however%20not%20working%20here%20either.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-874012%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-874012%22%20slang%3D%22en-US%22%3E%3CP%3Ewhat%20is%20with%20the%20PCKS%20Support%20for%20Certificate.%20any%20plans%20for%20that%20on%20the%20roadmap%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-875175%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-875175%22%20slang%3D%22en-US%22%3E%3CP%3EAnyone%20else%20also%20having%20issues%20with%20AppConfig%3F%20the%20DO%20devices%20seems%20to%20not%20pick%20up%20any%20AppConfig%20at%20all.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-875507%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-875507%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310475%22%20target%3D%22_blank%22%3E%40almennn%3C%2FA%3E%26nbsp%3B%20We%20have%20an%20AppConfig%20applied%20to%20Edge%20on%20a%20DO%20device%20successfully.%20Did%20you%20configure%20the%20policy%20for%20Managed%20Devices%20or%20Managed%20Apps%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIntune%20managed%20apps%20will%20check-in%20with%20an%20interval%20of%2030%20minutes%20for%20Intune%20App%20Configuration%20Policy%20status%2C%20when%20deployed%20in%20conjunction%20with%20an%20Intune%20App%20Protection%20Policy.%20If%20an%20Intune%20App%20Protection%20Policy%20isn't%20assigned%20to%20the%20user%2C%20then%20the%20Intune%20App%20Configuration%20Policy%20check-in%20interval%20is%20set%20to%20720%20minutes.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-875660%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-875660%22%20slang%3D%22en-US%22%3E%3CP%3EAlso%20noticed%20that%20Appconfig%20policy%20are%20always%20showing%20as%20pending%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-875927%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-875927%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310475%22%20target%3D%22_blank%22%3E%40almennn%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226229%22%20target%3D%22_blank%22%3E%40Adrian%20Bishop%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F414831%22%20target%3D%22_blank%22%3E%40kraghhh%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3EA%20bug%20for%20SCEP%20Profiles%20has%20been%20identified%2C%20is%20currently%20being%20resolved%2C%20and%20should%20work%20shortly.%3C%2FP%3E%0A%3CP%3EIf%20you%20continue%20to%20experience%20any%20issues%2C%20please%20let%20us%20know!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-876112%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-876112%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20update%20on%20the%20time%20frame%20for%20the%20SCEP%20issue%20to%20be%20resolved%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-876346%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-876346%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F254026%22%20target%3D%22_blank%22%3E%40eglockling%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EManaged%20devices.%20I%20have%20policys%20for%20Edge%2C%20Adobe%2C%20Outlook%20and%20Knox%20Service%20Plugin.%20None%20of%20them%20have%20been%20picked%20up%20by%20the%20device%20in%203%20days.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-876798%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-876798%22%20slang%3D%22en-US%22%3E%3CP%3EUnfortunately%20SCEP%20Profiles%20are%20still%20not%20working%20properly.%26nbsp%3B%3C%2FP%3E%3CP%3EMoreover%2C%20'Trusted%20Certificate'%20profiles%2C%20even%20when%20installed%20properly%2C%20do%20not%20send%20that%20information%20back%20to%20Intune%20-%20profile%20installation%20state%20stays%20in%20'Pending'%20state%20forever.%20Only%20'Device%20Restrictions'%20seems%20to%20work.%3C%2FP%3E%3CP%3EAfter%20having%20Android%20Fully%20Managed%20enrollment%20profile%20in%20Preview%20for%20such%20a%20long%20time%2C%20this%20is%20not%20even%20funny%20to%20have%20such%20a%20bug.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-876828%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-876828%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F227398%22%20target%3D%22_blank%22%3E%40Jakub%20Galicki%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20us%20the%20state%20for%20trusted%20certificates%20and%20other%20profiles%20works%20as%20expected.%20The%20only%20thing%20not%20applying%20for%20us%20on%20the%20device%20and%20stays%20in%20a%20forever%20pending%20state%20is%20AppConfig.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-876844%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-876844%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310475%22%20target%3D%22_blank%22%3E%40almennn%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20does%20the%20SCEP%20profile%20work%20for%20you%20too%3F%26nbsp%3B%3C%2FP%3E%3CP%3EFrankly%20I%20don't%20mind%20(at%20least%2C%20not%20at%20the%20moment)%20if%20devices%20report%20proper%20installation%20of%20profiles%20or%20applications%20(including%20AppConfig%20policies%3B%20BTW%20-%20they%20are%20applying%2C%20but%20also%20stay%20in%20'Pending'%20state).%20More%20important%20is%20proper%20SCEP%20profile%20application%20as%20this%20affects%20other%20profiles%20(WiFi%2C%20VPN)%2C%20but%20that's%20still%20out%20of%20order.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-877066%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-877066%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310475%22%20target%3D%22_blank%22%3E%40almennn%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F90355%22%20target%3D%22_blank%22%3E%40Jakub%20Galicki%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F414831%22%20target%3D%22_blank%22%3E%40kraghhh%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20continue%20facing%20an%20issue%20with%20SCEP%20Profiles%20not%20working%20as%20expected%2C%20please%20open%20a%20support%20case%20via%20the%20Intune%20Admin%20console's%20Help%20and%20Support%20or%20any%20of%20the%20methods%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fintune%2Fget-support%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%2C%3C%2FA%3E%20as%20this%20will%20help%20the%20team%20capture%20all%20the%20information%20needed%20to%20resolve%20the%20issue.%20Also%2C%20please%20direct%20message%20us%20with%20your%20support%20case%20number%20for%20follow%20up.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-878934%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-878934%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226779%22%20target%3D%22_blank%22%3E%40Intune%20Support%20Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20currently%20working%20with%20several%20Customers%20trying%20to%20make%20Fully%20Managed%20devices%20work.%20Are%20you%20suggesting%20that%20I%20(or%20someone%20from%20the%20Customer's%20side)%20should%20open%20separate%20case%20for%20each%20such%20issue%3F%20I%20don't%20think%20it%20should%20be%20the%20way.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-878957%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-878957%22%20slang%3D%22en-US%22%3E%3CP%3EFacing%20issues%20with%20SCEP%20on%20fully%20managed%20devices.%20Getting%20error%20'0%20no%20error%20code'%20The%20RootCA%20cert%20gets%20deployed%20successfull.%20Created%20a%20support%20case%20already.%20I%20see%20the%20device%20hitting%20the%20IIS%20scep%20site%20http%20200%20but%20then%20nothing%20in%20ndesplugin.log.%20Engineer%20is%20looking%20in%20to%20it.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-879114%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-879114%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20the%20same%20issues%20with%20the%20SCEP%20certificate.%20We%20can%20see%20the%20device%20in%20the%20IIS%20log.%20But%20also%20no%20entry%20in%20the%20ndesplugin.log.%20If%20no%20resolution%20is%20published%20soon%20I%20will%20create%20a%20MS%20support%20ticket.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-879547%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-879547%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20opened%20a%20support%20ticket%20for%20the%20same%20issue%20with%20SCEP%20profile%20failing%20for%20Android%20Enterprise%20fully%20managed.%3C%2FP%3E%3CP%3EHowever%2C%20this%20might%20be%20the%20cause%20of%20the%20issue%20for%20myself%2C%20not%20sure%20if%20it's%20the%20same%20for%20others%20here.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESCEP%20certificate%20profiles%20for%20the%20%3CEM%3EDevice%20Owner%20Only%3C%2FEM%3E%20profile%20have%20the%20following%20limitations%3A%3C%2FP%3E%3COL%3E%3CLI%3E%3CP%3EThe%20following%20variables%20are%20not%20supported%3A%3C%2FP%3E%3CUL%3E%3CLI%3ECN%3D%7B%20%7B%20OnPrem_Distinguished_Name%20%7D%20%7D%3C%2FLI%3E%3CLI%3E%3CFONT%20color%3D%22%23ff0000%22%3ECN%3D%7B%20%7B%20onPremisesSamAccountName%20%7D%20%7D%3C%2FFONT%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3CLI%3E%3CP%3EUnder%20Monitoring%2C%20certificate%20reporting%20isn't%20available%20for%20Device%20Owner%20SCEP%20certificate%20profiles.%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%3ERevocation%20of%20certificates%20provisioned%20by%20SCEP%20certificate%20profiles%20for%20Device%20Owner%20isn%E2%80%99t%20supported%20through%20Intune%2C%20but%20can%20be%20managed%20through%20an%20external%20process%20or%20directly%20with%20the%20certification%20authority.%3C%2FP%3E%3C%2FLI%3E%3C%2FOL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-882174%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-882174%22%20slang%3D%22en-US%22%3E%3CP%3EStill%20see%20issues%20with%20SCEP%20today.%20Initital%20setup%20I%20had%20was%20with%20Subject%20%3D%26nbsp%3B%3CSPAN%3ECN%3D%7B%20%7B%20onPremisesSamAccountName%20%7D%20%7D%20but%20there%20appears%20to%20be%20a%20recently%20documented%20limitation%20for%20DO%20devices%20as%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F254026%22%20target%3D%22_blank%22%3E%40eglockling%3C%2FA%3E%26nbsp%3Balready%20mentioned.%20However%2C%20using%20Subject%20%3D%20Common%20Name%20or%20any%20other%20supported%20attribute%2C%20still%20does%20not%20work%20at%20this%20moment.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20question%20outstanding%20with%20our%20TAM%20why%20onPremisesSamAccountName%20is%20not%20supported%20for%20Fully%20Managed.%20We%20have%20a%20huge%20dependency%20on%20certificates%20with%20the%20Subject%20reflecting%20the%20SamAccount%20for%20about%2050%20in-house%20lob%20apps.%20For%20Work%20Profile%20devices%20it%20does%20work%2C%20which%20leads%20to%20believe%20it%20is%20not%20a%20technical%20but%20more%20of%20a%20strategic%20limitation.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-882177%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-882177%22%20slang%3D%22en-US%22%3E%3CP%3EAnother%20issue%20I%20have%20noticed%20is%20Compliance%20in%20combination%20with%20Mobile%20Threat%20Defense.%20Even%20though%20the%20compliance%20policy%20for%20DO%20devices%20allows%20me%20to%20specifify%20'%3CSPAN%3ERequire%20the%20device%20to%20be%20at%20or%20under%20the%20Device%20Threat%20Level'%2C%20it%20doesn't%20seem%20to%20be%20evaluated%20at%20all%20for%20my%20Fully%20Managed%20device.%3CBR%20%2F%3E%3CBR%20%2F%3EWhen%20I%20look%20at%20the%20DO%20Compliance%20policy%2FPer-setting%20status%20page%2C%20the%20specific%20entry%20'%3CSPAN%3ERequire%20the%20device%20to%20be%20at%20or%20under%20the%20Device%20Threat%20Level'%26nbsp%3B%3C%2FSPAN%3Eseems%20to%20be%20missing%20entirely.%3CBR%20%2F%3E%3CBR%20%2F%3EInterestingly%2C%20when%20I%20do%20activate%20the%20MTD%20client%20(Lookout)%20on%20the%20Fully%20Managed%20endpoint%2C%20the%20Compliance%20policy%20for%20%3CEM%3EWork%20Profile%20devices%3C%2FEM%3E%20gets%20added%20to%20the%20evaluated%20list%20of%20compliance%20policies%20for%20that%20device.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-882566%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-882566%22%20slang%3D%22en-US%22%3E%3CP%3EI%20still%20have%20massively%20inconsistent%20experiences%20with%20devices%20not%20showing%20as%20compliant%20after%20enrolment.%20One%20day%20a%20user%20will%20enrol%20and%20be%20compliant%2C%20the%20next%20day%20another%20user%20will%20enrol%20and%20show%20as%20non-compliant.%20There%20are%20no%20differences%20between%20the%202%20users%20who%20have%20enrolled%20but%20it%20seems%20to%20be%20a%20roll%20of%20the%20dice%20as%20to%20whether%20or%20not%20they%20will%20show%20as%20compliant.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-882687%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-882687%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F234708%22%20target%3D%22_blank%22%3E%40Raymond%20Huis%20in%20't%20Veld%3C%2FA%3E%26nbsp%3BI%20see%20the%20exact%20same%20behavior%20for%20Device%20Threat%20level%20in%20our%20tenants.%3CBR%20%2F%3EThe%20DO%20setting%20is%20missing.%20The%20Work%20profile%20seems%20to%20eb%20evaluated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-882971%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-882971%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3194%22%20target%3D%22_blank%22%3E%40Peter%20Klapwijk%3C%2FA%3E%26nbsp%3B%20I%20noticed%20your%20question%20whether%20anybody%20had%20been%20able%20to%20upload%20APKs%20to%20Managed%20Google%20Play%20as%20a%20private%20app%20via%20Intune%20(iframe).%20I%20have%20been%20able%20to%20do%20so.%20The%20message%20you%20are%20getting%20about%20'different%20package%20name'%20refers%20to%20the%20app%20id%20(com.sec.android.etcera).%20Apparently%20somewhere%20in%20the%20Google%20Play%20an%20app%20already%20exists%20with%20the%20specific%20app%20id.%20Have%20you%20been%20testing%20with%20the%20same%20apk%20(or%20an%20earlier%20iteration)%20in%20the%20Play%20Console%20before%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-882985%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-882985%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F234708%22%20target%3D%22_blank%22%3E%40Raymond%20Huis%20in%20't%20Veld%3C%2FA%3E%26nbsp%3BThnx%20for%20the%20reply!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20the%20mean%20time%20we%20are%20able%20to%20deploy%20an%20app%20to%20the%20private%20store.%20The%20developer%20indeed%20needed%20to%20change%20the%20app%20id.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-886981%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-886981%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20an%20official%20website%20for%20a%20list%20of%20known%20issues%20with%20inTune%20enrollments%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-887282%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-887282%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%20curious%20what%20you%20guys%20think%20about%20the%20mentioned%20Microsoft%20Launcher%20for%20Enterprises.%20How%20would%20I%20deploy%20this%20in%20such%20a%20way%20it%20would%20only%20be%20required%20deployed%20on%20AE%20Fully%20Managed%20devices%3F%20Using%20a%20device%20group%3F%20My%20personal%20experience%20with%20device%20groups%20so%20far%20is%20that%20they%20update%20rather%20slowly.%20If%20I%20would%20deploy%20it%20to%20a%20user%20group%2C%20the%20same%20user%20with%20a%20BYOD%20Work%20Profile%20device%20would%20also%20receive%20the%20MS%20Launcher%20in%20the%20Work%20Profile.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20recommendations%20on%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-888770%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-888770%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20about%20auto%20enrollment%20using%20Samsung's%20KME%20for%20Fully%20Managed%20devices%3F%20I%20remember%20this%20not%20being%20available%20on%20previews%20but%20how%20about%20now%3F%20Google's%20Zero%20Touch%20works%20perfectly!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-888784%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-888784%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F378345%22%20target%3D%22_blank%22%3E%40Joni_Nieminen%3C%2FA%3E%26nbsp%3BI%20used%20the%20Samsung%20KME%20even%20in%20preview%20and%20it%20was%20working%20fine%20for%20us.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-889413%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-889413%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F418231%22%20target%3D%22_blank%22%3E%40Cris_Ten_Eyck%3C%2FA%3E%26nbsp%3B%20not%20that%20I%20know%20of%2C%20but%20a%20support%20blog%20has%20been%20posted%20with%20a%20few%20known%20issues%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FSupport-Tip-Intune-announces-support-for-Android-Enterprise%2Fba-p%2F877378%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FSupport-Tip-Intune-announces-support-for-Android-Enterprise%2Fba-p%2F877378%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20seems%20to%20miss%20the%20issue%20I%20mentioned%20regarding%20Mobile%20Threat%20Defense%20integration%20though.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-890485%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-890485%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F378345%22%20target%3D%22_blank%22%3E%40Joni_Nieminen%3C%2FA%3E%26nbsp%3BKME%20with%20fully%20managed%20devices%20did%20work%20fine%20for%20me%20during%20preview%20and%20still%20does%20work%20fine.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F234708%22%20target%3D%22_blank%22%3E%40Raymond%20Huis%20in%20't%20Veld%3C%2FA%3E%26nbsp%3BThe%20Threat%20Defense%20Level%20(TDL)%20issue%20is%20also%20happening%20in%20our%20tenant.%20During%20preview%20the%20work%20profile%20TDL%20policy%20was%20already%20checked%20on%20DO%20devices.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-891536%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-891536%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20it%20possible%20to%20enable%20back%20up%20services%20for%20fully%20managed%20devices%3F%20It%20is%20still%20greyed%20out.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892076%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892076%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F388728%22%20target%3D%22_blank%22%3E%40Nathan23055%3C%2FA%3E%26nbsp%3B%20The%20backup%2Frestore%20option%20is%20greyed-out%20even%20when%20enrolling%20with%20other%20MDM%20using%20fully%20managed%20(device%20owner).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892282%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892282%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F234708%22%20target%3D%22_blank%22%3E%40Raymond%20Huis%20in%20't%20Veld%3C%2FA%3E%26nbsp%3B%20I%20brought%20it%20to%20the%20attention%20of%20the%20product%20team%2C%20they%20look%20in%20to%20the%20issue%20was%20the%20response.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892293%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892293%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20have%20received%20reports%20from%20a%20few%20customers%20around%20Device%20Owner%20Compliance%20Policies%20not%20evaluated%2C%20and%20the%20Work%20Profile%20is%20used%20instead.%20Engineering%20is%20investigating%2C%20and%20will%20update%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FSupport-Tip-Intune-announces-support-for-Android-Enterprise%2Fba-p%2F877378%22%20target%3D%22_self%22%3ESupport%20Tip%3A%20Intune%20announces%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%3C%2FA%3E%26nbsp%3Bblog%20as%20soon%20as%20we%20have%20more%20insight.%20Will%20also%20update%20you%20all%20here%20as%20well!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892287%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892287%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F234708%22%20target%3D%22_blank%22%3E%40Raymond%20Huis%20in%20't%20Veld%3C%2FA%3E%26nbsp%3BCoincidence%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESee%20the%20update%20here%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FSupport-Tip-Intune-announces-support-for-Android-Enterprise%2Fba-p%2F877378%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FSupport-Tip-Intune-announces-support-for-Android-Enterprise%2Fba-p%2F877378%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892327%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892327%22%20slang%3D%22en-US%22%3E%3CP%3ECheers%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3194%22%20target%3D%22_blank%22%3E%40Peter%20Klapwijk%3C%2FA%3E%26nbsp%3B!%3CBR%20%2F%3E%3CBR%20%2F%3EJust%20to%20make%20sure%20we're%20all%20on%20the%20same%20page%20here%3A%20The%20issue%20looks%20slightly%20different%20though%20as%20how%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226779%22%20target%3D%22_blank%22%3E%40Intune%20Support%20Team%3C%2FA%3E%26nbsp%3Bdescribes%20it.%3CBR%20%2F%3EThe%20only%20compliance%20setting%20that%20is%20not%20evaluated%20from%20the%20DO%20compliance%20policy%20is%20MTD%20(e.g.%20Lookout)%20related.%20The%20status%20from%20Lookout%20does%20not%20affect%20the%20DO%20compliance%20at%20all.%3CBR%20%2F%3E%3CBR%20%2F%3EHowever%2C%20once%20I%20activate%20the%20Lookout%20agent%20on%20the%20DO%20device%2C%20I%20see%20the%20Work%20Profile%20compliance%20policy%20being%20evaluated%20(for%20the%20DO%20device)%2C%20but%20solely%20for%20the%20MTD%20related%20compliance%20setting%20'%3CSPAN%3ERequire%20the%20device%20to%20be%20at%20or%20under%20the%20Device%20Threat%20Level'.%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that%20makes%20sense%20%3B)%3C%2Fimg%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-893203%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-893203%22%20slang%3D%22en-US%22%3E%3CP%3EI%20agree%20about%20the%20backup%20and%20restore%20functionality.%20Would%20be%20great%20to%20have%20this%20option.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226779%22%20target%3D%22_blank%22%3E%40Intune%20Support%20Team%3C%2FA%3E%26nbsp%3Bany%20plans%20on%20making%20this%20available%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20I%20did%20see%20is%20that%20you%20can%20use%20the%20Smart%20Switch%20app%20on%20Samsung%20devices%20to%20transfer%20data%2C%20apps%20and%20settings%20from%20the%20old%20phone%20to%20the%20new%20fully%20managed%20device.%20Don't%20know%20about%20the%20other%20brands.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-896568%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-896568%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20been%20asking%20this%20question%20all%20over%20and%20no%20seems%20to%20know%20the%20answer%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%20would%20our%20existing%20devices%20which%20are%20registered%20with%20android%20legacy%20admin%20require%20a%20factory%20reset%20before%20we%20can%20migrate%20them%20to%20enterprise%20fully%20managed%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-896638%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-896638%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F419573%22%20target%3D%22_blank%22%3E%40dan_birrell%3C%2FA%3E%26nbsp%3BThis%20is%20not%20an%20Intune%20specific%20requirement%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdevelopers.google.com%2Fandroid%2Fwork%2Fdevice-admin-deprecation%23migration_guidance_for_customers%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdevelopers.google.com%2Fandroid%2Fwork%2Fdevice-admin-deprecation%23migration_guidance_for_customers%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EQuote%3A%20%3CEM%3E%22We%20recommend%20that%20company-owned%20devices%20be%20set%20up%20as%20fully%20managed%20devices.%20Migrating%20a%20device%20from%20device%20admin%20to%20managed%20device%20requires%20a%20factory%20reset.%20Since%20this%20is%20more%20disruptive%20to%20users%2C%20we%20suggest%20a%20phased%20adoption%2C%20where%20new%20devices%20are%20enrolled%20as%20fully%20managed%20devices%20but%20existing%20devices%20are%20left%20on%20device%20admin.%22%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-898523%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-898523%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3194%22%20target%3D%22_blank%22%3E%40Peter%20Klapwijk%3C%2FA%3E%20For%20the%20APK%20upload%20error%2C%20it%E2%80%99s%20not%20the%20file%20name%20that%20is%20the%20issue.%20You%20need%20to%20have%20a%20unique%20package%20ID%20inside%20the%20app.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EFor%20example%2C%20Gmail%20package%20ID%20on%20the%20PlayStore%20is%20id%3Dcom.google.android.gm%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-898668%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-898668%22%20slang%3D%22en-US%22%3E%3CP%3ESorry%20I%20should%20have%20made%20my%20question%20clearer%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20recently%20issues%20devices%20to%20users%20and%20these%20devices%20will%20soon%20upgrade%20to%20Android%2010.%20They%20are%20currently%20managed%20under%20device%20admin%20legacy.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20if%20we%20migrate%20these%20devices%20to%20Android%20Enterprise%20fully%20managed%20all%20of%20the%20documentation%20I%20can%20find%20reports%20that%20a%20factory%20reset%20is%20required.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%20is%20this%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-898676%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-898676%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Folks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnother%20question.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAm%20I%20right%20in%20saying%20Intune%20does%20not%20currently%20support%20Android%20Enterprise%20Fully%20managed%20with%20work%20profile%20mode%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-898884%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-898884%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Peter%2C%26nbsp%3B%20I%20am%20sorry%20are%20you%20responding%20to%20the%20correct%20person%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20question%20was%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%3CSTRONG%3EAm%20I%20right%20in%20saying%20Intune%20does%20not%20currently%20support%20Android%20Enterprise%20Fully%20managed%20with%20work%20profile%20mode%3F%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-898796%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-898796%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F363741%22%20target%3D%22_blank%22%3E%40darren1111%3C%2FA%3E%26nbsp%3BHi%20Darren.%20Thanks%2C%20we%20already%20changed%20the%20package%20name%20and%20successfully%20uploaded%20the%20app.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-898897%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-898897%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F419573%22%20target%3D%22_blank%22%3E%40dan_birrell%3C%2FA%3E%26nbsp%3BGoogle%20announced%20in%20the%20past%20the%20(legacy)%20Device%20admin%20APIs%20would%20be%20removed%20from%20Android%2010.%20As%20a%20result%20changed%20and%20new%20Intune%20settings%20(device%20admin)%20would%20not%20be%20applied%20to%20Android%20devices%20upgraded%20to%20Android%2010%20because%20of%20the%20missing%20management%20APIs.%26nbsp%3B%20As%20existing%20settings%20would%20not%20be%20removed%2C%20the%20legacy%20devices%20would%20not%20become%20totally%20unmanaged%2C%20but%20as%20mentioned%20new%20settings%20are%20not%20applied.%3CBR%20%2F%3ETo%20get%20the%20Android%2010%20device%20back%20in%20a%20fully%20managed%20state%2C%20it%20needs%20to%20be%20managed%20as%20Device%20Owner%20device.%20Then%20you%20have%20two%20options%20for%20an%20user%20device%2C%20Android%20Enterprise%20Work%20profile%20or%20fully%20managed.%3CBR%20%2F%3EAnd%20you%20can%20only%20get%20the%20device%20fully%20managed%20during%20the%20OOBE%20(new%20device%20or%20after%20factory%20reset).%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20yes%20you%60re%20right%2C%20the%20fully%20managed%20with%20work%20profile%20option%20(COPE)%20is%20not%20available%20with%20Intune.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-899911%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-899911%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F419573%22%20target%3D%22_blank%22%3E%40dan_birrell%3C%2FA%3E%26nbsp%3BOne%20way%20or%20the%20other%2C%20moving%20from%20DeviceAdmin%20to%20AE%20Fully%20managed%20requires%20a%20factory%20reset%2C%20as%20I%20quoted%20the%20Google%20documentation.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20do%20understand%20your%20frustration%20on%20this%20though%2C%20since%20Intune%20wasn't%20ready%20to%20enroll%20devices%20as%20AE%20Fully%20Managed%20until%202%20weeks%20ago%2C%20so%20even%20for%20devices%20you've%20handed%20out%20very%20recently%2C%20the%20only%20way%20to%20manage%20them%20was%20by%20means%20of%20the%20traditional%20DeviceAdmin.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETherefore%20Google%20recommends%20a%20granular%20approach.%20Existing%20DeviceAdmin%20managed%20devices%20remain%20in%20that%20modus.%20Newly%20acquired%20devices%20you%20can%20now%20start%20enrolling%20as%20AE%20Fully%20Managed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20far%20as%20I%20understand%2C%20any%20device%20that%20was%20originally%20shipped%20with%20an%20Android%20version%20%26lt%3B10%20can%20be%20managed%20using%20DeviceAdmin%2C%20even%20when%20they're%20upgraded%20to%20Android%2010%20over%20time.%20It%20is%20only%20devices%20that%20are%20shipped%20with%20Android%2010%20at%20release%20that%20can%20only%20be%20managed%20by%20AE%20Fully%20Managed.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-901212%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-901212%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F234708%22%20target%3D%22_blank%22%3E%40Raymond%20Huis%20in%20't%20Veld%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F419573%22%20target%3D%22_blank%22%3E%40dan_birrell%3C%2FA%3E%26nbsp%3BI%20can%20confirm%20that%20devices%20which%20are%20upgraded%20from%20Android%209%20to%2010%20can%20still%20be%20managed%20with%20Device%20admin%20and%20new%2F%20changed%20settings%20are%20still%20applied.%3C%2FP%3E%3CP%3EI%20heard%20rumors%20the%20device%20admin%20APIs%20are%20not%20removed%20from%20Android%2010%2C%20but%20will%20be%20removed%20in%20the%20next%20Android%20version.%20But%20didn%60t%20find%20an%20official%20statement%20from%20Google%20on%20this.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-901581%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-901581%22%20slang%3D%22en-US%22%3E%3CP%3ELooking%20forward%20to%20getting%202.5k%20devices%20on%20Fully-Managed%20over%20the%20next%20few%20months.%20Done%20a%20lot%20of%20testing%20during%20the%20Preview%2C%20one%20dept.%20liked%20so%20much%2C%20they%20have%20been%20live%20for%20months%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-904305%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-904305%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F2372%22%20target%3D%22_blank%22%3E%40Patrick%20Boeck%3C%2FA%3E%2C%26nbsp%3BSupport%20for%20PKCS%20certs%20are%20not%20available%20today%2C%20but%20keep%20an%20eye%20out%20on%20our%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FUEMfirstlook%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EIn%20Development%3C%2FA%3E%20and%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fintunenew%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EWhat%E2%80%99s%20New%3C%2FA%3E%20for%20new%20features%20coming%20to%20the%20service.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F418231%22%20target%3D%22_blank%22%3E%40Cris_Ten_Eyck%3C%2FA%3E%2C%26nbsp%3BKeep%20an%20eye%20out%20on%20our%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2Fbg-p%2FIntuneCustomerSuccess%22%20target%3D%22_self%22%3EIntune%20Customer%20Success%20Blog%2C%3C%2FA%3E%26nbsp%3Bfor%20any%20current%20known%20issues.%20You%20can%20also%20reach%20out%20to%20us%20on%20Twitter%20by%20tagging%20us%20at%20%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FIntuneSuppTeam%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%40IntuneSuppTeam%3C%2FA%3E%26nbsp%3Bfor%20confirmation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F413610%22%20target%3D%22_blank%22%3E%40ChrisH1994%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F292130%22%20target%3D%22_blank%22%3E%40Kvikku_1508%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F388728%22%20target%3D%22_blank%22%3E%40Nathan23055%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F254026%22%20target%3D%22_blank%22%3E%40eglockling%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10931%22%20target%3D%22_blank%22%3E%40Jeroen%20Dijkman%3C%2FA%3E%2C%26nbsp%3BThank%20you%20for%20feedback%20on%20the%20ability%20to%20enabling%20Google%20Backup%20services%20on%20Managed%20Devices%20within%20Intune%2C%20we%20hear%20you!%20Other%20customers%20have%20voiced%20their%20feedback%20about%20this%20feature%20on%20our%20UserVoice%2C%20which%20you%20may%20want%20to%20add%20your%20votes%20to%3A%20%3CA%20href%3D%22https%3A%2F%2Fmicrosoftintune.uservoice.com%2Fforums%2F291681-ideas%2Fsuggestions%2F37876654-enable-google-backup-services-on-managed-devices%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmicrosoftintune.uservoice.com%2Fforums%2F291681-ideas%2Fsuggestions%2F37876654-enable-google-backup-services-on-managed-devices%3C%2FA%3E.%20Keep%20an%20eye%20out%20on%20our%20Intune%20Customer%20Success%20Blog%2C%20In%20Development%2C%20and%20What%E2%80%99s%20New%20for%20any%20new%20features%20coming%20to%20the%20service.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F419573%22%20target%3D%22_blank%22%3E%40dan_birrell%3C%2FA%3E%2C%26nbsp%3BAdding%20onto%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3194%22%20target%3D%22_blank%22%3E%40Peter%20Klapwijk%3C%2FA%3E's%20last%20comment%2C%26nbsp%3Bwe%20are%20committed%20to%20supporting%20COPE%20and%20are%20actively%20working%20with%20the%20Android%20Platform%20team%20in%20Google%20to%20drive%20support%20for%20this%20in%20the%20Android%20Management%20API.%26nbsp%3BKeep%20an%20eye%20out%20on%20our%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2Fbg-p%2FIntuneCustomerSuccess%22%20target%3D%22_self%22%3EIntune%20Customer%20Success%20Blog%3C%2FA%3E%2C%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FUEMfirstlook%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EIn%20Development%3C%2FA%3E%2C%20and%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fintunenew%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EWhat%E2%80%99s%20New%3C%2FA%3E%20for%20any%20new%20features%20coming%20to%20the%20service.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELastly%2C%20a%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3Es%20we%20are%20always%20working%20to%20improve%20the%20end-to-end%20experience%2C%20your%20continued%20feedback%20helps%20make%20the%20product%20better.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EWe%20are%26nbsp%3B%3CSPAN%3Egrateful%20for%20this%20community%2C%20thank%20you!%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-904325%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-904325%22%20slang%3D%22en-US%22%3E%3CP%3EQuick%20Update.%3C%2FP%3E%3CP%3ECreated%20documentation%20of%20the%20KME%2FFully-Managed%20Device%20Build%20for%20a%20Stakeholder%20presentation.%26nbsp%3B%3CBR%20%2F%3EWent%20sooooo%20smooth%2C%20no%20mishaps%20and%20very%20quick.%3C%2FP%3E%3CP%3EWhat%20was%20especially%20welcomed%20was%20the%20enforcement%20of%20adding%20a%20PIN%2FComplex%20Password%20right%20at%20the%20beginning%20and%20the%20fact%20the%20user%20does%20not%20have%20to%20%22remember%22%20to%20sign-in%20to%20the%20Intune%20app.%20This%20makes%20it%20easy%20for%20users%20to%20enrol%20with%20confidence.%26nbsp%3B%3C%2FP%3E%3CP%3EKeep%20it%20up%20MS.%20I%20will%20be%20experimenting%20with%20system%20apps%20tomorrow.%20Although%2C%20some%20of%20the%20system%20apps%20are%20delivered%20as%20default%20now%3B%20i.e.%20Camera%20app.%3CBR%20%2F%3EThe%20others%20I%20will%20deploy%20via%20the%20Android%20Enterprise%20System%20App%20option.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'll%20keep%20y'all%20posted.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-907203%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-907203%22%20slang%3D%22en-US%22%3E%3CP%3EHI%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E***Update***%20on%20the%20System%20apps.%20no%20issues%2C%20no%20bloatware%2C%20just%20basic%20%22Corporate%22%20apps%20installed.%20The%20Intune%20%22Android%20Enterprise%20System%20App%22%20option%20has%20saved%20me%20having%20to%20deploy%203rd%20party%20apps%2C%20for%20things%20like%20camera%20(previously)%20gallery%2C%20calculator%20etc.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooking%20good%20so%20far.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-911405%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-911405%22%20slang%3D%22en-US%22%3E%3CP%3EAnyone%20having%20issues%20deploying%20Enterprise%20WiFi%20settings%20using%20SCEP%3C%2FP%3E%3CP%3EThe%20SCEP%20cert%20looks%20to%20be%20installed%2C%20but%20the%20WIFI%20profile%20seems%20to%20be%20delivered%20as%20a%20WPA%20PSK%20profile%20instead%20of%20WPA%20Enterprise%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-911590%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-911590%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226229%22%20target%3D%22_blank%22%3E%40Adrian%20Bishop%3C%2FA%3E%26nbsp%3B%20-%20I%20am%20getting%20the%20same.%26nbsp%3B%20I%20can%20see%20my%20SCEP%20cert%2C%20but%20the%20WiFi%20profile%20is%20requesting%20an%20identity.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20EAP%20-%20TLS%20selected%20as%20my%20EAP%20Type.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-911810%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-911810%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F344102%22%20target%3D%22_blank%22%3E%40a_naqui%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewe%20also%20using%20EAP-TLS%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-912209%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-912209%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226229%22%20target%3D%22_blank%22%3E%40Adrian%20Bishop%3C%2FA%3E%26nbsp%3B%20-%20Playing%20with%20my%20phone%20-%20I've%20been%20able%20to%20connect%20by%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Emanually%20selecting%20TLS%2C%3C%2FP%3E%3CP%3Eselecting%20%22Do%20not%20validate%22%20for%20root%20cert%20(couldnt%20select%20the%20root%20Cert%20even%20though%20its%20visible%20in%20settings)%3C%2FP%3E%3CP%3Eusing%20my%20username%20for%20identity%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooks%20like%20these%20settings%20are%20not%20being%20passed%20through%20by%20Intune.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-912277%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-912277%22%20slang%3D%22en-US%22%3E%3CP%3Ei%20have%20also%20found%20that%20trusted%20root%20certificates%20always%20show%20a%20notification%20on%20samsungs%20as%20being%20installed%20by%20admin%20after%20a%20restart.%20if%20i%20select%20the%20root%20certs%20and%20enter%20pin%20or%20password%20and%20click%20ok%2C%20the%20notification%20is%20not%20present%20again%20even%20on%20restarts%3C%2FP%3E%3CP%3Eit%20seems%20the%20certs%20are%20not%20being%20installed%20as%20fully%20trusted%20possibly%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-912313%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-912313%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F344102%22%20target%3D%22_blank%22%3E%40a_naqui%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226229%22%20target%3D%22_blank%22%3E%40Adrian%20Bishop%3C%2FA%3E%26nbsp%3B%2C%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EHi%20Guys%2C%3CBR%20%2F%3EA%20light%20bulb%20has%20just%20pinged%20on%20in%20my%20head.%20I%20had%20this%20issue%20way%20back%20in%20the%20early%20days%20of%20Intune%20and%20managing%20connectivity%20to%20O365.%3CBR%20%2F%3EI%20ended%20building%20NDES%20servers%20etc.%20IOS%20devices%20worked%20after%20Apple%20amended%20the%20way%20their%20certificate%20worked.%20I%20should%20have%20remembered%20this%20as%20I%20published%20an%20article%20about%20it.%20I%20don't%20know%20if%20you%20recall%20the%20old%20issue%20when%20attempting%20to%20connect%20Android%20devices%20to%20Outlook%2C%20a%20very%20generic%20%22Error%20Has%20Occurred%22%20error%20would%20be%20displayed.%20I%20found%20out%20after%20creating%20some%20crazy%20logging%20that%20even%20though%20the%20root%20cert%20was%20in%20use%20and%20trusted%2C%20the%20intermediate%20ones%20were%20NOT.%3CBR%20%2F%3EI%20got%20around%20this%20by%20explicitly%20trusting%20the%20intermediate%20certs.%20prior%20to%20doing%20this%20I%20pushed%20the%20intermediate%20ones%20to%20a%20device%20(old%20Samsung)%20and%20then%20installed%20locally.%20This%20device%20was%20then%20able%20to%20connect%20to%20Outlook.%20It%20was%20also%20related%20to%20%22Basic%20Authentication%22%20(on%20Android).%20You%20could%20test%20by%20pushing%20the%20intermediate%20certs%20too.%20Worth%20a%20try...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-912487%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-912487%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20selecting%20root%20cert%2C%20it%20only%20shows%20the%20user%20certs.%26nbsp%3B%20And%20to%20get%20it%20working%2C%20i%20chose%20%22do%20not%20validate%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20deployed%20both%20root%20and%20intermediate%20certificates%2C%20profile%20shows%20successful%20and%20i%20can%20see%20both%20certs%20on%20the%20device.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eive%20got%20a%20new%20issue%20-%20i%20removed%20wifi%20profile%20from%20device%20(which%20removed%20the%20cert).%20When%20I%20redeploy%20the%20intune%20wifi%20and%20SCEP%20profile%2C%20I'm%20now%20getting%20an%20error.%20it%20seems%20it%20can't%20give%20me%20a%20new%20SCEP%20cert.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916141%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916141%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20has%20confirmed%20that%20there%20is%20an%20issue%20with%20Wifi%20Enterprise%20profiles%20being%20configured%20as%20WiFi%20basic%20profiles%20for%20fully%20managed%20Android%20Enterprise%20devices.%20Thanks%20to%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226229%22%20target%3D%22_blank%22%3E%40Adrian%20Bishop%3C%2FA%3E%20for%20mentioning%20this%20behaviour.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916311%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916311%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F254026%22%20target%3D%22_blank%22%3E%40eglockling%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20a%20ticket%20number%20i%20can%20give%20to%20the%20support%20engineer%20who%20is%20working%20on%20this%20with%20us%3F%3C%2FP%3E%3CP%3EMay%20save%20any%20extra%20debugging%20if%20already%20a%20known%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916504%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916504%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3EConcerning%20the%20SCEP%20certificate.%20We%20get%20the%202%20root%20certificates%20installed%20but%20the%20SCEP%20certificate%20does%20not.%20Has%20anyone%20succeeded%20to%20get%20the%20SCEP%20certificate%20installed%3F%3C%2FP%3E%3CP%3EWe%20were%20already%20using%20it%20with%20the%20Work%20Profile%20without%20any%20issues.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916511%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916511%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10931%22%20target%3D%22_blank%22%3E%40Jeroen%20Dijkman%3C%2FA%3E%26nbsp%3B%20-%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3ESCEP%20cert%20works%20for%20me.%26nbsp%3B%20You%20need%20to%20configure%20a%20WiFi%20profile%20for%20the%20deployment%20to%20take%20place.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI%20have%3A-%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ERoot%20Cert%20Deploy%3C%2FP%3E%3CP%3EIntermediate%20Cert%20Deploy%3C%2FP%3E%3CP%3ESCEP%20User%20Cert%3C%2FP%3E%3CP%3EWifi%20Config%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20gets%20me%20the%20cert.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916520%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916520%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F344102%22%20target%3D%22_blank%22%3E%40a_naqui%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20the%20SCEP%20certificate%20profile%20what%20have%20you%20configured%20as%20Root%20certificate%3F%20The%20Root%20certificate%20itself%20or%20the%20one%20from%20the%20Intermediate%3F%3C%2FP%3E%3CP%3EIn%20the%20Wifi%20configuration%20profile%20do%20you%20use%20the%20option%20%22Root%20certificate%20for%20server%20validation%22%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20I%20do%20see%20the%20request%20in%20the%20NDES%20plugin%20log%20as%20well%20as%20in%20the%20IIS%20log.%20But%20nothing%20on%20the%20CA%20server.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916528%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916528%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10931%22%20target%3D%22_blank%22%3E%40Jeroen%20Dijkman%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESCEP%20Profile%20-%20I%20select%20the%20trusted%20root%20cert.%3C%2FP%3E%3CP%3EWifi%20-%20I%20again%20select%20the%20trusted%20root%20cert%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20found%20this%20was%20a%20great%20script%20to%20use%20to%20ensure%20the%20NDES%20was%20setup%20correctly%3A-%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoftgraph%2Fpowershell-intune-samples%2Fblob%2Fmaster%2FCertificationAuthority%2FValidate-NDESConfiguration.ps1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fmicrosoftgraph%2Fpowershell-intune-samples%2Fblob%2Fmaster%2FCertificationAuthority%2FValidate-NDESConfiguration.ps1%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916676%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916676%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F344102%22%20target%3D%22_blank%22%3E%40a_naqui%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20script.%20I%20ran%20it%20and%20it%20gave%20me%20some%20things%20that%20needed%20to%20be%20corrected.%20So%20I%20did%20that%20and%20the%20script%20now%20shows%20no%20errors.%3C%2FP%3E%3CP%3EBut%20unfortunately%20the%20SCEP%20certificate%20is%20still%20not%20issued.%3C%2FP%3E%3CP%3EI%20can%20see%20the%20entry%20in%20the%20NDES%20plugin%20that%20the%20requests%20comes%20in%20and%20is%20forwarded%20to%20the%20CRP.%3C%2FP%3E%3CP%3EIn%20the%20IIS%20log%20file%20I%20can%20see%20the%20request%20coming%20in%20but%20then%20it%20stops.%20I%20see%20no%20entry%20or%20error%20on%20our%20issuing%20CA.%20So%20at%20the%20moment%20I%20have%20ran%20out%20of%20ideas.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20guess%20I%20will%20create%20a%20support%20ticket%20with%20Microsoft.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916828%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916828%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10931%22%20target%3D%22_blank%22%3E%40Jeroen%20Dijkman%3C%2FA%3E%26nbsp%3B%20-%20try%20creating%20a%20new%20SCEP%20profile%2C%20with%20a%20different%20name.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20followed%20these%20guides%20to%20get%20the%20NDES%20and%20CA%20set%20up%3A-%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.scconfigmgr.com%2F2019%2F03%2F13%2Fcertificate-deployment-for-mobile-devices-using-microsoft-intune-part-5-deploy-scep-certificate-profile%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fwww.scconfigmgr.com%2F2019%2F03%2F13%2Fcertificate-deployment-for-mobile-devices-using-microsoft-intune-part-5-deploy-scep-certificate-profile%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FSupport-Tip-How-to-configure-NDES-for-SCEP-certificate%2Fba-p%2F455125%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FSupport-Tip-How-to-configure-NDES-for-SCEP-certificate%2Fba-p%2F455125%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20you%20checked%20that%20the%20NDES%20service%20account%20has%20%22enroll%22%20permissions%20on%20the%20CA%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-917480%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-917480%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F344102%22%20target%3D%22_blank%22%3E%40a_naqui%3C%2FA%3E%26nbsp%3B%20-%20Thanks%20a%20lot%20for%20all%20your%20feedback%3C%2FP%3E%3CP%3ETo%20clarify%20our%20setup.%20We%20have%20been%20using%20the%20NDES%20infrastructure%20for%20over%20a%20year%20successfully%20with%20the%20Android%20Work%20Profile%20devices.%20I%20performed%20a%20test%20enrolling%20with%20Android%20Work%20Profile%20and%20could%20see%20that%20on%20the%20CRP%20the%20request%20is%20being%20processed.%20And%20the%20certificate%20is%20send%20back%20to%20the%20device.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20I%20am%20sure%20that%20our%20NDES%20setup%20is%20ok.%20When%20we%20try%20it%20with%20Android%20Fully%20Managed%20somehow%20the%20request%20gets%20stuck%20at%20the%20CRP%20and%20is%20not%20processed.%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20for%20the%20Android%20Fully%20Managed%20devices%20I%20had%20already%20created%20a%20separate%20SCEP%20profile.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F114887%22%20target%3D%22_blank%22%3E%40Mayunk%20Jain%3C%2FA%3E%26nbsp%3BCan%20you%20confirm%20there%20are%20still%20issues%20with%20the%20SCEP%20certificate%20processing.%20If%20so%20can%20you%20recommend%20some%20remediation%20steps%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-917650%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-917650%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10931%22%20target%3D%22_blank%22%3E%40Jeroen%20Dijkman%3C%2FA%3E%26nbsp%3B%20-%20with%20regards%20to%20the%20separate%20SCEP%20profile%20-%20what%20I%20meant%20was%20create%20a%20completely%20new%20one%20to%20rule%20out%20any%20trustpoint%20issues.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20intune%2C%20I%20have%20sometimes%20found%20after%20a%20release%2C%20a%20newly%20created%20profile%20will%20behave%20differently%20to%20existing%20profiles.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918452%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918452%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226779%22%20target%3D%22_blank%22%3E%40Intune%20Support%20Team%3C%2FA%3E%26nbsp%3Bare%20you%20still%20working%20on%20the%20SCEP%20config%20deployment%20challenges%20or%20is%20that%20supposed%20to%20be%20resolved%3F%3C%2FP%3E%3CP%3EI'm%20considering%20whether%20to%20wait%20for%20you%20guys%20or%20log%20a%20support%20ticket.%3C%2FP%3E%3CP%3EMight%20there%20be%20any%20pre-req%20device%20apps%20for%20this%20config%20that%20we%20might%20have%20missed%20deploying%2C%20eg%20system%20apps%20lost%20with%20DO%20enrol%20that%20are%20required%3F%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3E(DO%20SCEP%20config%20reporting%20failed%2C%20no%20user%20cert%20on%20device%2C%20reaching%20NDES%20IIS%20and%20going%20no%20further%2C%20config%20recreated%2C%20config%20matches%20working%20Android%20DA%2FCOPE%2FiOS%20configs%2C%20internal%20CA%20%26amp%3B%20ICA%20certs%20deploying%20ok%2C%20testing%20with%20Samsung%20S8%20Android%209)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918758%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918758%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F344102%22%20target%3D%22_blank%22%3E%40a_naqui%3C%2FA%3E%26nbsp%3BWell%20I%20tried%20with%20a%20newly%20created%20SCEP%20profile%20but%20no%20luck.%20I%20have%20opened%20a%20ticket%20with%20Microsoft%20so%20let's%20see%20what%20that%20will%20bring.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-931369%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-931369%22%20slang%3D%22en-US%22%3E%3CP%3EHas%20there%20been%20any%20update%20to%20enterprise%20wifi%20profiles%20not%20applying.%20SCEP%20cert%20get%20delivered%20as%20well%20as%20root%20certs%2C%20but%20the%20wifi%20profile%20seems%20to%20be%20delivered%20as%20wpa%2Fpsk%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20has%20anyone%20noticed%20notifications%20of%20trusted%20certs%20being%20applied%20everytime%20they%20restart%3C%2FP%3E%3CP%3EThe%20only%20way%20to%20stop%20this%20notification%20is%20to%20click%20on%20the%20notification%2C%20select%20check%20certificate%2C%20enter%20pin%2Fpassword%20and%20select%20OK%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-935018%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-935018%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226229%22%20target%3D%22_blank%22%3E%40Adrian%20Bishop%3C%2FA%3E%26nbsp%3B%20No%20recent%20update%20from%20Microsoft%20about%20the%20WiFi%20profile%2C%20besides%20still%20analyzing%20the%20issue.%20I've%20also%20noticed%20the%20notification%20about%20the%20trusted%20cert%20being%20present%20after%20a%20device%20restart.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-983807%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-983807%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Guys%20...%3C%2FP%3E%3CP%3EI've%20got%20an%20issue%20that's%20worrying%20me%20somewhat%2C%20that%20I%20hope%20some%20of%20you%20may%20have%20seen%20...%3C%2FP%3E%3CP%3EI%20have%20my%20on-prem%20AD%20synced%20to%20AAD%2C%20and%20use%20groups%20of%20users%20to%20assign%20Apps%2C%20App%20Config%20Profile%20etc%20to%20the%20users%20devices%20...%3C%2FP%3E%3CP%3EThe%20strange%20behaviour%20I%20am%20seeing%20this%20last%20week%20is%20that%20when%20I've%20added%20a%20number%20of%20users%20(small%20numbers)%20to%20an%20AD%20group%2C%20most%20of%20the%20changes%20apply%20to%20the%20end%20users%20device%20without%20issue.%20However%20I%20am%20seeing%20cases%20where%20apps%20are%20being%20uninstalled%20from%20the%20users%20device%20%22seemingly%22%20by%20simply%20adding%20them%20to%20an%20AD%20group%20...%3C%2FP%3E%3CP%3EIn%20this%20case%20I%20had%20created%20a%20number%20(5-10)%20app%20config%20profiles%2C%20and%20tested%20against%20an%20AD%20group%20with%202%20users%20in%2C%20which%20worked%20fine.%20I%20then%20added%206%20more%20users%20to%20the%20group%20and%20synced%20it%20to%20AAD%2C%20most%20of%20the%20settings%20applied%20to%20the%20end%20devices%2C%20however%201%20of%20the%20devices%20uninstalled%20a%20number%20of%20the%20apps%20...%3C%2FP%3E%3CP%3EThis%20isn't%20the%20first%20time%20in%20the%20last%20week%20this%20has%20happened%2C%20and%20I%20have%20re-opened%20the%20case%20with%20Microsoft%20to%20try%20and%20find%20out%20when%20this%20would%20cause%20such%20behaviour%20...%3C%2FP%3E%3CP%3EThanks%20all%20...%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-992728%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-992728%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F351354%22%20target%3D%22_blank%22%3E%40robbamber%3C%2FA%3E%26nbsp%3B%20This%20sounds%20very%20much%20like%20the%20problem%20I've%20logged%20repeatedly%20with%20Microsoft%20support.%20What%20I%20have%20found%20is%20that%20when%20a%20user%20account%20is%20a%20member%20of%20around%209%20Intune%20groups%20this%20causes%20all%20the%20apps%20to%20be%20removed%20from%20the%20Play%20Store%20(and%20any%20on%20the%20phone%20are%20uninstalled).%20If%20the%20user%20is%20added%20to%20a%2010th%20group%20(or%20removed%20from%20a%20group)%20the%20apps%20all%20magically%20reappear%20-%20annoyingly%20any%20customisations%20made%20within%20the%20app%20are%20lost%20(as%20if%20you're%20opening%20the%20app%20for%20the%20first%20time).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20even%20sent%20them%20a%20video%20of%20one%20of%20our%20devices%20(Moto%20G6)%20showing%20this%20occurring.%20They%20pretty%20much%20shrugged%20and%20as%2C%20at%20the%20time%2C%20Android%20Enterprise%20was%20in%20preview%20mode%20they%20stated%20that%20issues%20like%20this%20would%20go%20away%20when%20the%20GA%20release%20came%20along.%20I%20got%20tired%20of%20the%20back%20and%20forth%20and%20them%20wanting%20to%20remote%20on%20to%20my%20PC%20(what%20are%20they%20going%20to%20see%20on%20my%20PC%2C%20the%20issue's%20on%20the%20phone!)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20it%20helps%2C%20I%20can%20give%20you%20some%20of%20my%20historic%20case%20numbers%20so%20they%20can%20reference%20anything%20that%20may%20be%20useful.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-992737%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-992737%22%20slang%3D%22en-US%22%3E%3CP%3EWhilst%20I'm%20here%20actually%2C%20has%20anyone%20had%20any%20issues%20with%20performing%20device%20updates%20(not%20apps)%20on%20their%20handsets%3F%20I%20have%20the%20relevant%20setting%20set%20to%20'Automatic'%2C%20so%20that%20the%20phone%20should%20almost%20immediately%20download%20and%20install%20an%20update%20-%20I%20have%20seen%20it%20occur%20on%20my%20test%20handset.%20But%20we%20have%20a%20lot%20of%20devices%20still%20checking%20in%20with%20their%20Android%20version%20being%208.x%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-994039%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-994039%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F325517%22%20target%3D%22_blank%22%3E%40AndyH16%3C%2FA%3E%3C%2FP%3E%3CP%3EThanks%20for%20the%20reply%20Andy%2C%20if%20you%20didn't%20mind%20sharing%20the%20case%20references%20then%20it%20would%20be%20very%20helpful%20%E2%80%A6%20as%20it%20stands%20I'm%20not%20sure%20the%20issue%20is%20being%20understood%20fully%20%E2%80%A6%3C%2FP%3E%3CP%3EIn%20terms%20of%20your%20question%20around%20upgrades%2C%20I%20believe%20it%20dependant%20on%20the%20service%20provider%20releasing%20the%20OS%20%E2%80%A6%20however%20I%20can't%20confirm%20I%20have%20seen%20it%20working%20at%20the%20devices%20we%20have%20were%20upgraded%20from%208%20to%209%20prior%20to%20being%20enrolled%20%E2%80%A6%20the%20monthly%20patches%20do%20however%20apply%20...%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-994595%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-994595%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F351354%22%20target%3D%22_blank%22%3E%40robbamber%3C%2FA%3E%3C%2FP%3E%3CP%3EThe%20case%20IDs%20I%20have%20are%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22fontWeightSemiBold-806%22%3E%23%E2%80%8E13942583%E2%80%8E%3C%2FSPAN%3E%2C%20logged%20in%20April%3C%2FP%3E%3CP%3E%2315000061%2C%20logged%20in%20June%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBoth%20of%20these%20are%20closed%20cases%2C%20usually%20because%20I%20can't%20explain%20the%20issue%20any%20more%20than%20I%20have%20and%20their%20support%20hits%20a%20bit%20of%20a%20brick%20wall.%20They%20did%20try%20to%20escalate%20the%20last%20one%20to%20a%20senior%20engineer%20who%20suggested%20making%20sure%20I%20don't%20add%20the%20user%2Fgroup%20to%20an%20uninstall%20assignments%20(which%20there%20isn't)%20and%2C%20as%20it%20was%20preview%20at%20the%20time%2C%20they%20can't%20%22guarantee%20proper%20outcome%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20could%20log%20it%20again%20now%20that%20it's%20GA%20but%20I'll%20probably%20have%20to%20go%20back%20to%20square%20one!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-994662%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-994662%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F325517%22%20target%3D%22_blank%22%3E%40AndyH16%3C%2FA%3E%26nbsp%3B%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F351354%22%20target%3D%22_blank%22%3E%40robbamber%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20used%20to%20have%20this%20issue%20a%20while%20back.%20but%20it%20seemed%20to%20resolve%20itself.%20The%20only%20other%20time%20I%20suffered%20it%20since%20then%20was%20after%20building%20a%20device%20and%20letting%20it%20pull%20down%20the%20apps%2C%20but%20I%20forgot%20to%20login%20to%20the%20Intune%20app.%20after%20a%20period%20it%20removed%20the%20apps.%20Once%20I%20logged%20into%20the%20Intune%20app%3B%20all%20the%20apps%20were%20reinstalled.%20This%20issue%20was%20circumvented%20or%20resolved%20by%20the%20fact%20that%20you%20have%20to%20login%20to%20the%20Intune%20as%20part%20of%20the%204%2F5%20step%20build%2Fenrolment%20process.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-994665%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-994665%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F246505%22%20target%3D%22_blank%22%3E%40MoZZa%3C%2FA%3E%20%2C%20it%20could%20be%20that%20this%20issue%20has%20cleared%20up%20-%20it%20was%20really%20only%20me%20that%20it%20ever%20affected%2C%20as%20I%20was%20in%20so%20many%20app%20test%20deployment%20groups!%3C%2FP%3E%3CP%3EI%20can't%20say%20that%20I've%20heard%20of%20any%20issues%20from%20our%20users%20anyway.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1001732%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1001732%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F325517%22%20target%3D%22_blank%22%3E%40AndyH16%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F246505%22%20target%3D%22_blank%22%3E%40MoZZa%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMorning%20both.%3C%2FP%3E%3CP%3EThanks%20for%20your%20help%20and%20feedback%20on%20everything%20so%20far%20...%3C%2FP%3E%3CP%3EJust%20another%20strange%20one%20around%20the%20use%20of%20Global%20Proxy%20configuration%20%E2%80%A6%20don't%20suppose%20either%20of%20you%20have%20looked%20at%20using%20this%20yet%3F%20...%3C%2FP%3E%3CP%3EOnce%20I%20have%20the%20Global%20Proxy%20applied%20I%20get%20a%20%22!%22%20on%20the%20Network%20stack%20and%20the%20Intune%20reports%20it%20is%20not%20connected%20to%20the%20internet%2C%20albeit%20the%20other%20apps%20and%20web%20traffic%20works%20as%20expected%20%E2%80%A6%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20almost%20as%20if%20the%20device%20believes%20it%20is%20connected%20to%20a%20Captive%20Portal%20for%20some%20reason%20...%3C%2FP%3E%3CP%3EThank%20in%20advance%26nbsp%3B%3C%2FP%3E%3CP%3ERob%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1001819%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1001819%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F351354%22%20target%3D%22_blank%22%3E%40robbamber%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20not%20something%20I've%20used%20I'm%20afraid.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1009029%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1009029%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20anyone%20now%20finding%20that%20the%20wifi%20connects%2C%20but%20only%20after%20you%20get%20an%20authentication%20error%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20eventually%20connects%20fine%2C%20but%20it%20never%20seems%20to%20connect%20first%20time.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1028965%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1028965%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EQuick%20question%2C%26nbsp%3B%20know%20I%20know%2C%20this%20is%20a%20question%20about%20Android%20Enterprise%20Dedicated%20Devices%20(Kiosks)%20BUT%2C%20I%20noticed%20this%20morning%20(24%2F11%2F19)%2011%3A00am%20UK%20time)%20for%20the%20first%20time%20that%20whilst%20working%20on%203%20different%20builds%2C%20customising%20the%20App%20orders%20and%20locations%20etc.%20to%20my%20surprise%20the%20Microsoft%20Intune%20app%20started%20to%20install%20on%20all%20the%20devices.%20when%20you%20tap%20the%20icon%2C%20you%20get%20a%20screen%20saying%20that%20you%20have%20successfully%20installed%20the%20device%20or%20setup%20the%20device.%3CBR%20%2F%3EI%20am%20assuming%20this%20is%20connected%20with%20either%20the%20compliance%20or%20conditional%20access.%20I%20really%20don't%20know.%20Has%20anyone%20else%20spotted%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1029229%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1029229%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F246505%22%20target%3D%22_blank%22%3E%40MoZZa%3C%2FA%3E%20i%20wonder%20if%20it%20due%20to%20SCEP%20for%20dedicated%20devices%20now%20available%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Ffundamentals%2Fwhats-new%23updates-to-dedicated-device-enrollment-to-support-scep-device-certificate-deployment-%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Ffundamentals%2Fwhats-new%23updates-to-dedicated-device-enrollment-to-support-scep-device-certificate-deployment-%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1029914%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1029914%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226229%22%20target%3D%22_blank%22%3E%40Adrian%20Bishop%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20could%20be%2C%20also%20the%20previous%20issue%20with%20not%20being%20able%20to%20deploy%20device%20config%20changes%20without%20removing%20the%20compliance%20policy%20has%20also%20been%20rectified.%3C%2FP%3E%3CP%3EThis%20allows%20conditional%20access%20for%20Dedicated%20Devices%20to%20fall%20in-line%20with%20User%20Owned%20devices.%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20are%20the%20steps%20and%20some%20progress%20screen%20shots.%20Definitely%20looks%20like%20the%20Dedicated%20Device%20build%20has%20benefited%20from%20the%20Fully%20Managed%20project%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3EThe%20last%20screen%20shot%20is%20what%20you%20get%20when%20you%20tap%20on%20the%20icon%20once%20installed.%20The%20icon%20is%20only%20visible%20when%20you%20exit%20kiosk%20mode.%20It%20also%20has%20the%20options%20for%20gathering%20logging%20data%2C%20options%20are%26nbsp%3B%3CSTRONG%3Eoff%2C%20Important%20%26amp%3B%20Verbose%3C%2FSTRONG%3E.%20There%20is%20also%20an%20option%20for%20syncing%20the%20device%20to%20pull%20down%20the%20latest%20policies.%20Looking%20forward%20to%20more%20goodies.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158753i7A3868CA4129907D%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22New%20Dedicated%20intune%20Steps.png%22%20title%3D%22New%20Dedicated%20intune%20Steps.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-862232%22%20slang%3D%22en-US%22%3EMicrosoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-862232%22%20slang%3D%22en-US%22%3E%3CP%3E(This%20post%20is%20co-authored%20by%20Priya%20Ravichandran%2C%20Senior%20Program%20Manager%2C%20Microsoft%20365)%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20pleased%20to%20announce%20that%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAndroid%20Enterprise%20fully%20managed%20is%20one%20of%20the%20%E2%80%9Cdevice%20owner%E2%80%9D%20management%20scenarios%20in%20the%20Android%20Enterprise%20solution%20set.%20This%20scenario%20enables%20user%20productivity%20on%20corporate%20devices%26nbsp%3Bwhile%20allowing%20IT%20admins%20to%20manage%20capabilities%20needed%20by%20the%20organization.%20We%20have%20seen%20an%20overwhelming%20uptake%20of%20this%20management%20capability%20throughout%20the%20multiple%20phases%20of%20public%20preview%20making%20this%20the%20most%20widely%20adopted%20preview%20for%20Android%20management%20thus%20far.%20In%20preview%2C%20we%20have%20tens%20of%20thousands%20of%20devices%20across%20global%20customers%20already%20using%20it%20configure%20and%20manage%20their%20Android%20devices.%20In%20addition%20to%20this%20extensive%20adoption%2C%20we%20have%20received%20significant%20feedback%20from%20the%20community%20and%20customers%20alike.%20With%20this%20release%2C%20customers%20can%20deliver%20a%20high%20quality%20and%20feature-rich%20productivity%20scenario%20for%20users%20on%20corporate-owned%20devices%26nbsp%3Bwhile%20maintaining%20an%20extended%20set%20of%20policy%20controls%20over%20the%20devices.%3C%2FP%3EOnboarding%20a%20fully%20managed%20device%3CP%3EIntune%20supports%20popular%20provisioning%20technologies%20with%20Android%20Enterprise%20devices%20running%20Android%206.0%20and%20later%2C%20including%3A%3C%2FP%3EKnox%20Mobile%20Enrollment%20NFC%20QR%20Code%20Token%20Entry%20Zero%20Touch%20Enrollment%3CP%3EDeploying%20fully%20managed%20devices%20start%20when%20a%20new%20device%20is%20acquired%20and%20unboxed%2C%20or%20an%20existing%20device%20is%20factory%20reset.%20Using%20Intune%E2%80%99s%20enrollment%20token%20with%20your%20preferred%20choice%20of%20deployment%20technology%2C%20the%20fully%20managed%20provisioning%20workflow%20will%20launch%20the%20out%20of%20the%20box%20experience%20(OOBE)%20that%20will%20then%20guide%20the%20user%20though%20the%20necessary%20steps%20to%20complete%20the%20onboarding%20process.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOnce%20the%20user%20enters%20their%20corporate%20credentials%2C%20the%20onboarding%20process%20starts%20with%20guiding%20the%20user%20through%20the%20process%20of%20setting%20up%20a%20device%20PIN%20based%20on%20the%20organization%20policy.%20Having%20this%20set%20up%20during%20OOBE%20ensures%20that%20the%20device%20is%20protected%20against%20misuse%20from%20the%20start.%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3EFigure%201%3A%20Fully%20managed%20OOBE%20guides%20user%20to%20set%20up%20PIN%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOOBE%20will%20automatically%20download%20the%20Microsoft%20Intune%20app%2C%20Microsoft%20Authenticator%20app%20and%20the%20Microsoft%20Intune%20Company%20Portal%20app.%20Additionally%2C%20the%20user%20is%20also%20made%20aware%20of%20the%20full%20list%20of%20required%20apps%20that%20the%20organization%20is%20pushing%20to%20their%20device%2C%20making%20the%20process%20more%20transparent%20to%20the%20end%20user.%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFigure%202%3A%20OOBE%20installs%20the%20two%20required%20apps%20and%20shows%20the%20user%20the%20rest%20of%20the%20mandatory%20apps%20being%20installed%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20the%20download%20of%20these%20additional%20apps%20start%20immediately%20in%20the%20background%2C%20the%20user%20gets%20a%20head%20start%20having%20the%20right%20tools%20for%20the%20job.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20final%20piece%20of%20the%20OOBE%20is%20registering%20the%20device%20with%20Azure%20Active%20Directory.%20Device%20registration%20during%20OOBE%20ensures%20that%20the%20device%20is%20compliant%20with%20the%20organization%E2%80%99s%20requirements%20before%20being%20able%20to%20access%20any%20corporate%20resources%20on%20the%20device.%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3EFigure%203%3A%20User%20starts%20device%20registration%20in%20OOBE%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EFigure%204%3A%20Device%20registration%20completes%20during%20OOBE%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EAt%20the%20end%20of%20the%20onboarding%20workflow%2C%20the%20user%20now%20has%20a%20device%20that%20has%20all%20the%20policies%20and%20apps%20they%20need%20to%20be%20productive%20and%20secure.%3C%2FP%3EMulti%20Factor%20Authentication%20with%20fully%20managed%20devices%3CP%3EMulti%20Factor%20Authentication%20(MFA)%20is%20a%20key%20part%20of%20the%20authentication%20process%20for%20many%20organizations.%20With%20this%20GA%20release%2C%20the%20fully%20managed%20device%20will%20be%20able%20to%20support%20MFA%20policies%20that%20have%20been%20put%20in%20place%20by%20the%20organization.%3C%2FP%3EConfiguring%20certificates%20and%20resource%20access%20policies%3CP%3EOn%20a%20fully%20managed%20device%2C%20you%20can%20deploy%20both%20root%20certificates%20and%20SCEP%20certificates%20for%20authentication.%20Along%20with%20certificate%20profiles%2C%20resource%20access%20profiles%20are%20also%20now%20supported%20with%20the%20full%20spectrum%20of%20authentication%20options.%20Email%2C%20Wi-Fi%20and%20VPN%20profiles%20can%20also%20be%20created%20to%20leverage%20the%20certificate%20profiles%20needed%20for%20your%20organization.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20support%20allows%20your%20organization%20to%20determine%20which%20resources%20are%20used%20on%20a%20device%20and%20how%20the%20user%20can%20authenticate%20before%20using%20it.%20For%20example%2C%20you%20can%20allow%20a%20device%20to%20use%20a%20specific%20Wi-Fi%20profile%20and%20authenticate%20with%20a%20certificate%20that%20has%20been%20pushed%20to%20the%20device%2C%20in%20this%20case%20a%20SCEP%20certificate%20you%20deployed.%3C%2FP%3EEnabling%20corporate%20and%20personal%20applications%20on%20the%20device%3CP%3EOn%20a%20fully%20managed%20device%2C%20Intune%20provides%20a%20locked%20down%20approach%20to%20apps.%20By%20preventing%20the%20sideloading%20of%20apps%20on%20the%20device%2C%20the%20device%20maintains%20its%20security%20posture.%20Organizations%20do%20not%20have%20to%20enable%20installing%20apps%20from%20untrusted%20sources%2C%20which%20is%20a%20concern%20with%20the%20previous%20device%20administrator%20management%20mode.%20To%20ensure%20that%20only%20apps%20from%20approved%20sources%20are%20installed%20on%20the%20device%2C%20organizations%20can%20leverage%20the%20Managed%20Google%20Play%20store%20to%20distribute%20corporate%20apps%20to%20managed%20devices.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAn%20organization%20may%20deploy%20additional%20policies%20to%20allow%20users%20to%20install%20other%20apps%20from%20the%20public%20Play%20store%20on%20the%20device%2C%20if%20they%20wish%20to%2C%20allowing%20users%20to%20personalize%20their%20work%20device.%20By%20default%2C%20access%20to%20the%20public%20Play%20store%20is%20blocked%20on%20a%20fully%20managed%20device.%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3EFigure%205%3AEnabling%20end%20user%20access%20to%20the%20consumer%20store%20on%20fully%20managed%20devices%3C%2FP%3ESystem%20applications%3CP%3ESystem%20apps%20%E2%80%93%20like%20the%20camera%20and%20the%20dialer%20%E2%80%93%20are%20key%20apps%20that%20are%20required%20by%20many%20organizations%20for%20their%20users%20to%20do%20their%20jobs%20as%20expected.%20Intune%20enables%20granular%20control%20over%20system%20apps%20on%20Android%20Enterprise%20corporate%20devices.%20Admins%20can%20manage%20system%20apps%20at%20the%20package%20level%20to%20ensure%20that%20only%20key%20apps%20needed%20for%20productivity%20are%20enabled%20on%20the%20device%2C%20excluding%20other%20system%20apps%20that%20are%20not%20relevant%20to%20the%20organization.%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3EFigure%206%3A%20Adding%20and%20managing%20system%20apps%20-%20like%20the%20Samsung%20Clock%20app%20-%20on%20fully%20managed%20devices%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20addition%2C%20since%20these%20are%20post-provisioning%20policy%20deployments%2C%20the%20list%20of%20enabled%20system%20apps%20can%20be%20adjusted%20over%20the%20life%20of%20the%20device%20to%20meet%20the%20organization%E2%80%99s%20needs.%20%26nbsp%3B%3C%2FP%3EConfiguration%20and%20compliance%3CP%3EThe%20fully%20managed%20device%20supports%20all%20the%20Android%20Enterprise%20Device%20Owner%20settings%20offered%20in%20the%20Intune%20console.%20Additionally%2C%20Intune%20now%20supports%20the%20ability%20to%20create%20compliance%20policies%20on%20fully%20managed%20devices%2C%20including%3A%3C%2FP%3ESupport%20for%20enforcement%20of%20PIN%20complexity%20requirements%20Support%20for%20specifying%20a%20threat%20level%20threshold%20for%20the%20device%20and%20leveraging%20Mobile%20Threat%20Defense%20providers%20Support%20for%20SafetyNet%20Attestation%2C%20which%20will%20incorporate%20the%20jailbreak%20detection%20as%20well.%3CP%3EAs%20with%20other%20Intune%20managed%20devices%2C%20when%20a%20device%20does%20not%20meet%20the%20compliance%20requirements%2C%20the%20user%20is%20notified%20and%20provided%20with%20guidelines%20on%20how%20to%20mitigate%20the%20issue.%20For%20fully%20managed%20devices%2C%20end%20user%20experiences%20are%20now%20surfaced%20in%20the%20new%20Microsoft%20Intune%20app.%3C%2FP%3ERedesigned%20end%20user%20experience%20in%20the%20Microsoft%20Intune%20app%3CP%3EThis%20new%20modern%20and%20light-weight%20app%2C%20simply%20called%20%E2%80%98Microsoft%20Intune%E2%80%99%2C%20enables%20the%20experiences%20that%20end%20users%20know%20and%20love%20in%20the%20Company%20Portal%20app%20for%20fully%20managed%20devices%2C%20including%20managing%20compliance%20for%20their%20devices%2C%20getting%20support%20from%20their%20organization%2C%20and%20viewing%20notifications.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EFigure%207%3A%20View%20devices%2C%20update%20settings%20when%20needed%2C%20and%20view%20notifications%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EFigure%208%3A%20Get%20support%20when%20needed%2C%20view%20organizational%20terms%2C%20and%20view%20user%20profile%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20latest%20release%20of%20Microsoft%20Intune%20app%20for%20Android%20has%20the%20following%20updates%3A%3C%2FP%3EImproved%20layout%20with%20bottom%20navigation%20for%20the%20most%20important%20actions.%20Added%20an%20additional%20page%20that%20shows%20the%20user's%20profile.%20Added%20the%20display%20of%20actionable%20notifications%20in%20the%20app%20to%20inform%20the%20user%2C%20such%20as%20the%20need%20to%20update%20their%20device%20settings.%20Added%20the%20display%20of%20custom%20push%20notifications%2C%20aligning%20the%20app%20with%20the%20support%20recently%20added%20in%20the%20Company%20Portal%20app%20for%20iOS%20and%20Android.%3CP%3EToday%2C%20this%20new%20app%20is%20only%20for%20the%20fully%20managed%20scenario%3B%20in%20all%20other%20Android%20management%20scenarios%2C%20Company%20Portal%20will%20continue%20to%20be%20the%20end%20user%20app.%3C%2FP%3EApp%20protection%20policies%3CP%3EIntune%20app%20protection%20policies%20are%20wholly%20supported%20on%20fully%20managed%20devices%2C%20at%20parity%20with%20support%20on%20other%20platforms.%20The%20Microsoft%20Company%20Portal%20is%20automatically%20deployed%20in%20the%20background%20to%20enable%20the%20additional%20layer%20compliance%20control.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3EOEMConfig%20support%3CP%3EIntune%20has%20full%20support%20for%20the%20OEMConfig%20framework%2C%20including%20an%20intuitive%20configuration%20designer%20UI%20that%20allows%20organizations%20to%20easily%20leverage%20supported%20OEM-specific%20settings%20on%20their%20fully%20managed%20devices.%20For%20more%20details%2C%20see%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FEnterprise-Mobility-Security%2FIntroducing-the-Microsoft-Intune-configuration-designer-to%2Fba-p%2F789082%22%20target%3D%22_blank%22%3Ethis%20blog%20post%20on%20the%20OEMConfig%20configuration%20designer%3C%2FA%3E%20or%20refer%20to%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fintune%2Fandroid-oem-configuration-overview%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3EIntune%20documentation%20on%20OEMConfig%3C%2FA%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3EMicrosoft%20Launcher%20for%20Enterprises%3CP%3EAnother%20key%20aspect%20of%20managing%20a%20corporate%20device%20%E2%80%93%20like%20a%20Fully%20Managed%20device%20%E2%80%93%20is%20to%20ensure%20that%20all%20end%20users%20have%20a%20consistent%20home%20screen%20experience%20on%20the%20device.%20This%20includes%20being%20able%20to%20clearly%20brand%20the%20device%20as%20well%20as%20ensure%20that%20the%20key%20apps%20needed%20for%20their%20role%20are%20accessible%20and%20discoverable%20on%20the%20device.%20The%20Microsoft%20Launcher%20is%20a%20key%20partner%20in%20enabling%20this%20well-defined%20end%20user%20experience%20on%20corporate%20devices.%26nbsp%3B%20When%20the%20Microsoft%20Launcher%20is%20deployed%20to%20a%20device%2C%20the%20Launcher%20is%20able%20to%20detect%20that%20the%20device%20is%20a%20corporate%20device%20and%20will%20then%20enable%20enforce%20any%20app%20config%20settings%20that%20the%20admin%20has%20specified.%20This%20includes%20being%20able%20to%20set%20a%20device%20wallpaper%20as%20well%20as%20the%20list%20and%20order%20of%20applications%20on%20the%20home%20screen.%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3EFigure%209%20Microsoft%20Launcher%20home%20screen%20experience%20on%20work-managed%20Android%20device%3C%2FP%3E%3CP%3EWhile%20the%20launcher%20configuration%20is%20currently%20only%20exposed%20via%20the%20App%20config%20workflow%2C%20we%20are%20partnering%20with%20the%20Microsoft%20Launcher%20team%20to%20deliver%20a%20first%20class%20configuration%20experience%20in%20the%20Intune%20Admin%20Console%20%E2%80%93%20to%20match%20the%20experience%20that%20is%20available%20for%20the%20Managed%20Home%20Screen%20today.%20Watch%20this%20space%20for%20updates.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3ENext%20steps%3CP%3EWe%E2%80%99re%20excited%20to%20share%20this%20milestone%20with%20our%20Microsoft%20Intune%20customers%20who%20can%20now%20deliver%20a%20premier%20manageability%20and%20security%20experience%20to%20their%20end%20users%20on%20Android%20Enterprise%20devices.%20As%20we%20continue%20to%20innovate%20on%20the%20Android%20Enterprise%20platform%2C%20we%20look%20forward%20to%20your%20ongoing%20usage%20and%20feedback.%3C%2FP%3E%3CP%3EFully%20managed%20support%20is%20the%20next%20step%20in%20Intune's%20commitment%20to%20full%20Android%20Enterprise%20support.%20Also%20look%20for%20new%20support%20for%20private%20publishing%20within%20the%20Intune%20console%2C%20as%20well%20as%20web%20link%20support%20launching%20at%20the%20same%20time%20as%20Fully%20managed.%26nbsp%3B%20We're%20committed%20to%20a%20full%20set%20of%20Android%20Enterprise%20scenarios%20that%20meet%20high%20standards%20of%20manageability%20and%20privacy%2C%20so%20stay%20tuned%20for%20more%20on%20this%20in%20the%20coming%20months.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3ELearn%20more%3CP%3EDocumentation%3A%3C%2FP%3E%20%20%26nbsp%3BTechnical%20article%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fintune%2Fandroid-fully-managed-enroll%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3EAndroid%20Enterprise%20fully%20managed%20device%20management%3C%2FA%3E%20%26nbsp%3BTechnical%20article%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fintune%2Fandroid-dedicated-devices-fully-managed-enroll%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3EAndroid%20Enterprise%20dedicated%20device%20management%3C%2FA%3E%3CP%3EPrevious%20blogs%20in%20this%20series%3A%3C%2FP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FMicrosoft-Intune-announces-preview-of-support-for-Android%2Fbc-p%2F331526%22%20target%3D%22_blank%22%3EFirst%20public%20preview%3C%2FA%3E%20announcement%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FMicrosoft-Intune-announces-Preview-2-for-Android-Enterprise%2Fba-p%2F472324%22%20target%3D%22_blank%22%3ESecond%20public%20preview%3C%2FA%3E%20introducing%20Microsoft%20Intune%20app%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FAnnouncing-new-updates-to-the-Android-Enterprise-fully-managed%2Fba-p%2F735030%22%20target%3D%22_blank%22%3EFinal%20public%20preview%3C%2FA%3E%20with%20supportability%20enhancements%3CP%3E%26nbsp%3B%3C%2FP%3E%20%26nbsp%3B%20More%20info%20and%20feedback%3CP%3ELearn%20how%20to%20get%20started%20with%20Microsoft%20Intune%20with%20our%20detailed%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fintune%2F%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3Etechnical%20documentation%3C%2FA%3E.%20Don%E2%80%99t%20have%20Microsoft%20Intune%3F%20Start%20a%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fcloud-platform%2Fenterprise-mobility-security-pricing%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3Efree%20trial%20or%20buy%20a%20subscription%3C%2FA%3E%20today!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20always%2C%20we%20want%20to%20hear%20from%20you!%20If%20you%20have%20any%20suggestions%2C%20questions%2C%20or%20comments%2C%20please%20visit%20us%20on%20our%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FMicrosoft-Intune%2Fbd-p%2FMicrosoft-Intune%22%20target%3D%22_blank%22%3ETech%20Community%20page%3C%2FA%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFollow%20%3CA%20href%3D%22https%3A%2F%2Fwww.twitter.com%2Fmsintune%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%20target%3D%22_blank%22%3E%40MSIntune%3C%2FA%3E%20on%20Twitter%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-862232%22%20slang%3D%22en-US%22%3E%3CP%3ESupport%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%20in%20Microsoft%20Intune.%20This%20is%20designed%20for%20corporate-owned%20devices%20that%20are%20used%20primarily%20for%20work%2C%20to%20separate%20work%20and%20personal%20apps%20and%20data%20while%20enabling%20data%20security%20and%20end-user%20privacy.%20In%20this%20scenario%2C%20IT%20admins%20have%20granular%20controls%20on%20the%20entire%20device%20and%20end%20users%20enjoy%20the%20consumer-like%20experience%20and%20convenience%20to%20work%20from%20anywhere%20using%20the%20Android%20devices%20they%20love.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-862232%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Intune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20and%20App%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EUnified%20Endpoint%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1200503%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1200503%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20during%20the%20step%20%22%3CSPAN%3Ethe%20user%20enters%20their%20corporate%20credentials%22.%20I%20assume%20this%20bypasses%20any%20MFA%20requirements%20set%20via%20conditional%20access%20or%20do%20we%20have%20to%20adjust%20these%20policies%3F%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESo%20if%20this%20is%20the%20device%20registered%20for%20MFA%20and%20its%20factory%20reset%20then%20they%20wont%20receive%20a%20text%2Fnotification%20will%20they%3F%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAlso%20if%20this%20is%20a%20new%20user%20and%20their%20first%20device%2C%20they%20need%20to%20be%20able%20to%20sign%20in%20without%20being%20forced%20to%20setup%20MFA.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1200532%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1200532%22%20slang%3D%22en-US%22%3E%3CP%3EPoynter2%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThey%20need%20to%20use%20a%20different%20device%20to%20authenticate%20I%20am%20afraid.%20You%20could%20turn%20off%20authentication%20for%20each%20user%20and%20turn%20it%20back%20on%20once%20they%20enrol%20but%20for%20us%20this%20was%20not%20feasible.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20our%20users%20had%20to%20use%20their%20personal%20device%20to%20authenticate%20in%20the%20first%20instance%20so%20that%20they%20can%20enrol%20their%20corporate%20device.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20be%20honest%20its%20a%20security%20risk%20having%20the%20authenticator%20app%20on%20the%20same%20device%20you%20are%20accessing%20company%20resources%20on.%20From%20a%20security%20standpoint%20it%20makes%20more%20sense%20for%20another%20device%20to%20be%20utilised.%20Just%20tell%20users%20not%20to%20lose%20both%20at%20same%20time%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1200557%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1200557%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F419573%22%20target%3D%22_blank%22%3E%40dan_birrell%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F463136%22%20target%3D%22_blank%22%3E%40poynter2%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAll%20of%20our%20users%20were%20directed%20to%20use%20their%20personal%20or%20corporate%20mobile%20phones%20for%20their%20MFA.%20Where%20this%20was%20not%20possible%20they%20used%20land-lines.%3C%2FP%3E%3CP%3EOur%20brand%20new%20users%20are%20directed%20to%20the%20SSPR%20site%20so%20that%20they%20can%20register%20to%20change%20their%20password.%20Thereafter%2C%20they%20can%20change%20their%20authentication%26nbsp%3B%3C%2FP%3E%3CP%3Emethods%20on%20the%20Access%20Authentication%20panel.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1200649%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1200649%22%20slang%3D%22en-US%22%3E%3CP%3Ethanks%20for%20the%20quick%20response%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F246505%22%20target%3D%22_blank%22%3E%40MoZZa%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F419573%22%20target%3D%22_blank%22%3E%40dan_birrell%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20if%20we%20exclude%20the%20Microsoft%20Intune%20cloud-app%20from%20the%20conditional%20access%20policy%20as%20per%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fenrollment%2Fandroid-fully-managed-enroll%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fenrollment%2Fandroid-fully-managed-enroll%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWould%20that%20then%20not%20prompt%20for%20MFA%20during%20the%20enrollment%3F%20Would%20it%20cause%20any%20security%20concerns%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EChris%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1200694%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Intune%20support%20for%20Android%20Enterprise%20fully%20managed%20devices%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1200694%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F463136%22%20target%3D%22_blank%22%3E%40poynter2%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20deployed%20using%20this%20method%20as%20not%20all%20devices%20are%20built%20on%20a%20trusted%20network.%20However%2C%20due%20to%20the%20flow%20of%20the%20build%2C%20we%20force%20screen%20lock%20and%20secure%20startup%20PIN%2FPasswords%2C%20therefore%20by%20the%20time%20the%20device%20is%20getting%20up%20and%20running%2C%20it%20has%20met%20the%20required%20level%20of%20compliance.%3C%2FP%3E%3CP%3EBut%20as%20stated%20before%2C%20for%20new%20users%2C%20we%20try%20to%20get%20them%20to%20access%20the%20SSPR%20sites%20first.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20it%20helps.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎Sep 19 2019 01:53 PM
Updated by: