Microsoft Ignite 2020 is a virtual event with so much interesting content around Microsoft endpoint manager.
Following are some of the key takeaways from the ignite 2020 with MEM Program Manager’s on Managing Android devices with Microsoft Endpoint Manager.
- Intune has full android enterprise support across all scenarios.
- Recent public preview release for the management of corporate-owned devices with a work profile.
- Google is decreasing support for device administrator management and recommended to move to work profile using android enterprise
- Extensive configuration of the Microsoft Launcher app on fully managed devices
- Support for management of rugged devices with OEMconfig
- Support for enrolling dedicated devices into Azure AD Shared mode (soon).
With the lightest-weight management on the left and the most locked down on the right (MDM).
1) and 2) are the BYOD personal devices, of which 1) is managed only at the app level using app protection policies.
The rest of the 4 cases are through Google's Android Enterprise program.
Device 2) is BYOD and configured with a work profile, which is the one personal type of management in Android Enterprise. It creates a work profile on the device where the corporate apps and data are kept separate from the rest of the user's personal device.
Device 3) is corporate-owned with a work profile, which is in preview now and has a similar end-user experience as personally-owned work profile devices but with additional device-level management capabilities since it is a company-owned device.
It offers separation between the work and personal profiles but with more device-level control than for personally owned work profile devices, including the ability to remotely factory-reset the device and manage system updates. The public preview includes the ability to create multiple enrollment profiles with unique non-expiring tokens so that a variety of configuration settings- assigning configure apps.
Device 4) is fully managed and admins have management of the entire device and the user does not see a separation between work and personal information.
Device 5) is dedicated management for use in kiosk scenarios and other cases without a single user affinity.
To help you visualize how many Android devices you have in your environment across all the device management scenarios, Microsoft has added this bar chart on the Android Overview page.
To see the list of the android devices with enrollment type, you can click on the android solution hyperlink enabled.
If you have any android users who enrolled using device administrators and move users from DA management to work profile management, Microsoft has added a compliance setting to make those DA devices non-compliant.
Enrollment of company-owned devices:
All three include options for streamlined enrollment using Google zero-touch, Samsung's Knox Mobile Enrollment, and additional out-of-the-box enrollment methods like QR code scanning.
Upcoming features for corporate-owned devices with work profile:
These corporate management methods offer incredible management depth, even for the most locked-down scenarios, with capabilities like manufacturer-specific configuration with OEMconfig.
Microsoft added extensive integration with the Microsoft Launcher app for fully managed devices, now allowing you to set it as the default launcher app on the device and configure many different aspects of the user's experience, including setting custom wallpaper, showing or hiding the dock, and choosing the placement of the search bar.
Enabling first-line workers with Intune:
Azure AD shared device mode with Managed home screen:
Managed Google play (MGP):
And finally what’s new in Intune Android support:
For complete demonstration, please watch https://youtu.be/jbD5kQzOkAc
For a complete list of Microsoft Endpoint Manager sessions at Ignite 2020, please refer https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-endpoint-manager-at-microsoft-ignite-2020/ba-p/1681322
