There are few way in which Android devices can be enrolled. It totally depends upon your requirement of which type of Android enrollment you will use for android devices. For example, if your company allows Personal Android Phones (BYOD) to be used for accessing the company data, you can go for Android Enterprise personally owned work profile option.
Personal data on this device is kept separate from work data and admins don’t control personal settings or data. If your company owns android devices which are distributed to the users and you want to full control of the device, then you can use Android Enterprise fully managed.
These are corporate-owned, single user devices exclusively for work and not personal use. Admins can manage entire device using this option. These are the two most popular options when it comes to configuring android enrollment. Depending upon your specific scenario, there are other options available as well which I have listed below:
- Android Enterprise dedicated – Android Enterprise supports corporate-owned, single-use, kiosk-style devices with its dedicated devices solution set. Such devices are used for a single purpose, such as digital signage, ticket printing, or inventory management, to name just a few. Admins can lock down the usage of a device to a single app, or a limited set of apps, inclusive of web apps. Users are prevented from adding other apps or taking actions on the device that unless explicitly approved by admins.
- Android Enterprise corporate-owned with a work profile – For corporate-owned, single user devices intended for corporate and personal use. Its somewhere between BYOD and Fully Managed where in Admins can control some of the device settings and features along with Work Profile existence which is a separate managed area on the phone which keeps personal and corporate data separate.
- Android device administrator – In areas where Android Enterprise is available, Google is encouraging movement off device administrator (DA) management by decreasing its management support in new Android releases. Therefore, its best to keep this disabled as most of the Android versions support Android Enterprise.
For the configuration of Android Enrollment, we need to first Login on Endpoint Manager Admin Console and follow below steps:
- Go to Devices -> Enroll Devices -> Android enrollment and click on Managed Google Play.
- On Managed Google Play Page, Click on I agree and then click on Launch Google to connect now.
Please note that you will require a Gmail account for this binding or creating a connection. If you already have one you can use it for sign in and then click on Get Started. I will recommend to create a Gmail account specifically for this connection and store the credentials on your Secret Store / Password vault. I have created and signed in to begin with for this configuration. If you want to create it, you can Sign up and create a google account as shown below:
- Click on Get Started button and Enter your Business Name.
- On Contact Details Page, you can skip information about Data Protection Officer and EU Representative and update that later or complete the information on this page. Agree to the Microsoft Google Play agreement and click on Confirm.
- After you click on Confirm and Complete Registration, It will try to connect your Gmail account and complete the setup process. Once its done, you should see Green Check next to Setup with Registration date.
Once the connection to Managed Google Play is successfully setup, you can configure Enrollment Profiles.