A few months back, I
you that we added support for "Bring Your Own Device" scenarios in Active Directory when we turned on Workplace Join support for Windows 8 PC's and iOS devices.
Today I'm happy to let you know that we've added Workplace Join support for Android as well!
To enable that support, we've shipped our updated Android Azure Authenticator application that includes includes both Multi-Factor Authentication and adding a "Work Account" (the end-user facing term for an Azure AD Account) to Android devices.
Your employees can now add a Work Account on Android to securely register their Android device in Active Directory using our Workplace Join mechanism. This allows you, the IT admin, to require authentication of both the user and their device before the user is given access to sensitive resources.
Employees will also benefit from Single Sign-On (SSO) across all the mobile applications that use Active Directory Authentication Library (ADAL) to authenticate with AD.
The Android Work Account will register the device with the Azure AD Device Registration Service. Using devices registered with this service, you can configure conditional access policies to on-premises resources now.
We are in the process of adding policy support for all applications connected to Azure Active Directory, so these registered devices can also be used for the conditional access policies to AD connected cloud applications in the future.