Enrolling Android devices offers various methods, and the choice depends on your specific requirements for managing Android devices. For instance, if your company permits using Personal Android Phones (BYOD) to access company data, the Android Enterprise personally-owned work profile is suitable. With this approach, personal data remains separate from work data, and administrators do not control personal settings or data.
On the other hand, if your company owns Android devices distributed to users and you require full control over these devices, you can opt for Android Enterprise fully managed enrollment. These devices are designated for work purposes only and not for personal use, allowing administrators to manage the entire device.
These two methods are commonly used when configuring Android enrollment, but there are additional options available to cater to specific scenarios, which are listed below:
- Android Enterprise dedicated – Android Enterprise supports corporate-owned, single-use, kiosk-style devices with its dedicated device solution set. Such devices are used for a single purpose, such as digital signage, ticket printing, or inventory management, to name just a few. Admins can lock down the usage of a device to a single app, or a limited set of apps, including web apps. Users are prevented from adding other apps or taking actions on the device unless explicitly approved by admins.
- Android Enterprise corporate-owned with a work profile – For corporate-owned, single-user devices intended for corporate and personal use. It’s somewhere between BYOD and Fully Managed where Admins can control some of the device settings and features along with Work Profile existence which is a separate managed area on the phone that keeps personal and corporate data separate.
- Android device administrator – In areas where Android Enterprise is available, Google is encouraging movement off device administrator (DA) management by decreasing its management support in new Android releases. Therefore, it’s best to keep this disabled as most of the Android versions support Android Enterprise.
Connect Managed Google Play on Intune
Now, let’s check the steps to configure Android enrollment from Intune admin center.
- Sign in to Intune admin center
- Go to Devices > Enroll Devices > Android enrollment and click on Managed Google Play.
- On the Managed Google Play Page, Click on I agree and then click on Launch Google to connect now.
- Please be aware that you’ll need a Gmail account to establish or set up this connection. If you already have one, you can use it to sign in and proceed by clicking Get Started.
- I recommend creating a dedicated Gmail account for this connection and storing the login credentials securely in your Secret Store or Password vault.
- Please follow below steps to create a GMAIL account for a business.
- Click on Get Started.
- Enter your Business Name.
- Skip Entering Data Protection Officer and EU Representative Information, Select the Microsoft Google Play agreement checkbox and click on Confirm.
- Click on Complete Registration.
- It will Integrate your Gmail account and complete the setup process. Once it’s done, you should see Green Check next to Setup with the Registration date.
Enrollment Profiles
Once the connection to Managed Google Play is successfully set up, you can now configure Enrollment Profiles from Intune admin center.
