This post has been republished via RSS; it originally appeared at: Intune Customer Success articles.
By Priya Ravichandran | Intune Sr. PM
Preview 2 for Android Enterprise fully managed devices is here! Today we’re providing an update to our preview capabilities which were announced in January 2019 for the Android fully managed device solution. For context, Google used to refer to the fully managed device scenario as Corporate Owned Business Only (COBO), and it is one of the “Device Owner” (DO) management scenarios in the Android Enterprise solution set.
Before we share the latest updates, we wanted to thank you for all the usage and feedback during our initial preview. We’ve incorporated feedback from Preview 1. It’s been great to work with you and we look forward to hearing more.
What’s New in Preview 2
For this update, we focused on compliance and end user experiences. Here are the key new capabilities added into Preview 2:
- Updated onboarding flow for key required policies
- Added Device Owner compliance policies
- Built conditional access workflows
- Added device group targeting
- Released a new end user app called ‘Microsoft Intune’ into the Play store as the app to be used on fully managed devices
- Enabled support for access to the full Play store
- Introduced Knox Mobile Enrollment (continue reading this post for a few limitations in preview for this feature)
These capabilities will add on to what we released in January:
- Device enrollment using NFC, token entry, QR code and Zero Touch
- Device configuration for user groups
- App distribution and configuration for user groups
- App protection policies
- Remote access policies with certificate support (i.e. Wi-Fi, VPN, Email)
- Certificate management
- Support for managing or enabling system apps
As we mentioned earlier in this post, we are introducing a new end user app for Android fully managed devices. This new modern and light-weight app, simply called ‘Microsoft Intune’, will now enable the experiences end users know and love in the Company Portal app for fully managed devices, including managing compliance for their device. This new app is only for the fully managed scenario; in all other Android management scenarios, Company Portal continues to be the end user app.
Intune will now support the ability to create compliance policies on fully managed devices. The smaller set of compliance settings on a fully managed device reflect the smaller list of compliance settings available for fully managed devices. There is a greater degree of control and ability to lock down the device configuration since the scenario is intended for corporate owned devices.
Enabling Access to the Consumer Play Store
Intune will now allow you to enable access to the full consumer store on the fully managed device. Many organizations recognize the need to allow end users to personalize the device assigned to them – including access to their favorite consumer apps.
Users will have the ability to add their personal accounts to the device, if permitted by configuration. This way your end users can customize their device to support personal use as well as corporate use.
Figure 5: Personalized fully managed device with a user’s corporate and personal account
- When using KME to set up Samsung Knox devices:
- The username and password cannot be passed to the fully managed device from the KME portal. This will need to be manually entered.
- The enrollment status of the device will not get updated in the KME portal.
- In the Microsoft Intune app:
- When trying to complete Azure Active Directory registration, you may see an error displayed. If this continues to occur, try again after some time.
- When launching the app, you may see a screen that says, “Hang tight, we’re working to load your organization’s info.” You can check back in after some time to see if it has been resolved.
- You may see that your “Device settings status” is “Noncompliant” with no way to resolve. In the Azure Portal, you will see that the device is not compliant with the “Has a compliance policy assigned” policy, even though a compliance policy is set. Factory resetting your device and enrolling again may resolve it.
Documentation
- https://docs.microsoft.com/intune/android-dedicated-devices-fully-managed-enroll
- https://docs.microsoft.com/intune/android-fully-managed-enroll
- https://docs.microsoft.com/intune/compliance-policy-create-android-for-work
- https://docs.microsoft.com/intune-user-help/enroll-device-android-microsoft-intune-app
- 4/19/19 with updated screen shots
- 4/22/19 extended the app availability date, added in a few known issues