Never talked about managing Android devices before but since last week there is a Windows Intune Company Portal in the Google Play store that allows us to enroll Android devices into Configuration Manager 2012 R2. In the next couple of blogs I will show you how the management experience will be.
As we all know the Windows Intune connector broaden our reach of more and more devices to manage. Since the management is really depended of the operating system of the (mobile) device the management options can be different per operating system. In this blog we will look at the Android devices, which have still a great market share.
So what can be currently managed for Android?
Configuration Manager 2012 R2 together with Windows Intune is able to manage Android devices and offers the following features.
- Manage Settings like:
- WiFi profiles
- Password settings
- Device restrictions
- Encryption settings
- Security Settings
- Roaming Settings
- Remote Full Wipe
- Remote Selective Wipe
- WiFi profiles are removed
- Deployed certificates are revoked on the server
- Settings policies are removed
- The device administrator privilege of the management agent is revoked.
Enable Android management.
After you acquired a Windows Intune Subscription and enabled the Windows Intune Connector, the first step in managing Android devices is to enable this feature in the Windows Intune Connector. Just enable the “Enable Android Enrollment” checkbox and you are done.
How are we able to enroll Android devices?
As mentioned earlier, as from last week the Windows Intune Company Portal is available in the Google Play store. So the first step will be searching for the Windows Intune Company Portal app as shown below.
After you found the app, click install and accept the dialog that states that the Windows Intune Company Portal needs access to for instance the device its Storage, Application Information, phone status and identity and network communication information.
After the installation is finished, you can start the Company Portal app from the start screen of the device. Click Add device and logon to Windows Intune to start the enrollment process of your Android device.
Next the device will be added and you need to give the Company Portal the device administrator privileged to allow:
- Erase all data (when executing a Remote Device Wipe)
- Change the screen-unlock password
- Set password rules
- Monitor screen-unlock attempts
- Lock the screen
- Set lock-screen password expiration
- Set storage encryption
- Disable cameras
- Disable features in keyguard.
After the device is added, the object will also appear in the Configuration Manager 2012 R2 Console, which allows you to deploy your settings, applications to the device so after the enrollment you are all set to go to be able to manage the Android device.
In the next blogs we will have a look at how to troubleshoot, and how settings and applications are deployed to an Android device.