How to Manage Android Devices in Microsoft 365 Using Intune

Introduction

This tutorial will guide you through managing Android devices within Microsoft 365 using Intune. You'll learn how to effectively set up, configure, and maintain your Android devices to ensure they are secure and compliant. Whether you're a beginner or an experienced user, this guide will provide you with the essential steps and best practices for device management.

Step 1: Understand Android Management Options

• Familiarize yourself with the different management types available in Intune:
  • Fully Managed Devices: Devices owned by the organization that can be fully controlled.
  • Corporate-Owned, Personally Enabled (COPE): Allows for personal use on corporate devices.
  • BYOD (Bring Your Own Device): Personal devices enrolled for limited management.
• Choose the management option that best fits your organizational needs.

Step 2: Connect Google Managed Play Account

• Set up a Google Managed Play account to integrate Google services with Intune.
• Navigate to the Intune console:
  • Go to Apps > App Protection Policies.
  • Select Google Managed Play and follow the prompts to link your account.
• Ensure that your organization has the necessary permissions to access the Google Play services.

Step 3: Sync Apps from Google to Intune

• After connecting your Google Managed Play account, sync the apps.
• In the Intune console:
  • Go to Apps > Android Apps.
  • Click on Sync to pull in available apps from Google Play.
• Review the apps and choose those that you want to make available to users.

Step 4: Create Enrollment Profile

• Configure the enrollment profile for your Android devices.
• In the Intune console:
  • Navigate to Devices > Android > Enrollment.
  • Create a new profile by selecting the type of devices and adding required settings.
• Ensure that the profile aligns with your organization’s security and compliance policies.

Step 5: Assign Apps to Devices

• Assign the synced apps to the enrolled devices.
• In the Intune console:
  • Go to Apps > All Apps.
  • Select the app you want to assign, then click on Assignments.
  • Choose the device groups or users that should receive the app.

Step 6: Configure Profiles

• Set up configuration profiles to manage device settings.
• Navigate to Devices > Configuration Profiles in Intune:
  • Create profiles for Wi-Fi, VPN, email, etc.
  • Specify settings according to your organization’s requirements.
• Assign these profiles to the relevant device groups.

Step 7: Set Up Compliance Policies

• Establish compliance settings to ensure devices meet security standards.
• Go to Devices > Compliance Policies in the Intune console:
  • Create a new policy, defining the criteria for compliance (e.g., password requirements, encryption).
• Assign the policy to user groups to enforce compliance checks.

Step 8: Add Android Device to Intune

• Enroll the Android device to Intune.
• On the Android device:
  • Download the Company Portal app from Google Play.
  • Sign in with your organizational account and follow the steps to enroll the device.
• Ensure that you complete all prompts to fully integrate the device with Intune.

Step 9: Final User Configuration

• After the device is enrolled, perform final configurations.
• Users should check the Company Portal app for available apps and settings.
• Confirm that all assigned applications and policies are applied correctly.

Conclusion

By following these steps, you can successfully manage Android devices in Microsoft 365 using Intune. Key takeaways include understanding the different management options, setting up your Google Managed Play account, and configuring apps and compliance settings. Next, consider exploring additional features in Intune to further enhance device management and security within your organization.