Update 3/30/20: This has now been addressed in the March release. See https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#optimized-dedicated-device-enroll... for more information.
Intune is adding support for SCEP device certificate deployment to Android Enterprise dedicated devices to enable certificate-based access to Wi-Fi profiles. To support this feature, there are some user experience and enrollment changes for dedicated devices we would like you to be aware of.
What's in scope
- In the November release, certificates deployed to these devices will be usable within Wi-Fi configuration policies in order to configure certificate-based access to Wi-Fi networks on Android devices enrolled as dedicated devices.
- Newly enrolled dedicated devices will be automatically configured to receive and apply cert and Wi-Fi policies defined by IT admins.
What to be aware of
The Microsoft Intune app must be present on dedicated devices for certificate deployment to work. After service side changes are made to the enrollment flow to handle the app install, Intune will automatically install the Intune app onto existing enrolled devices.
After the November update to the Intune service, which will start to roll out around mid-November, here’s what you’ll see:
- For new Android Dedicated device enrollments:
What- Users will see a different set of steps on devices during enrollment. Enrollment will still start the way it does today (with QR, NFC, Zero-touch, or device identifier). The change to be aware of is that there will be a mandatory app install step. The new screen will look like the screenshot below.
When- This will be enabled on a rolling basis after the November release completes and the What’s New content is published. We anticipate this will be fully enabled for all tenants and devices within a week after the November release completes.
- For existing enrolled dedicated devices:
What- Intune will automatically install the Microsoft Intune app. You don't need to take any action here - the app will automatically download and install on devices.
When- Existing enrolled dedicated devices will observe the Microsoft Intune app automatically install starting in early November. The app will be installed on a rolling basis throughout the course of the November release.
What's coming
We’ll keep this blog post updated as we make improvements and add more support, for example, SCEP support for app and VPN authentication.
Existing enrolled dedicated devices will require manual intervention on the device to enable cert deployment. We will provide an update about how to enable this for existing enrolled devices in a later release.