Month: April 2018

Intune: Android (Regular) Enrollment and Email

IT, MDM

Let’s assume that you want to configure an email configuration for an Android device. Look at the picture above. That is what you will see in Intune when trying to create an email configuration for a (regular) Android enrolled device. Notice something? Yes, email is not an option (unless you’re using KNOX)! You cannot push an MDM email payload to an Android device by default.

app configuration policy options

What about an app configuration policy? Nope, you can’t do that either! As you can see above, when you try to create an app configuration policy for enrolled devices, you only have two options: iOS or Android for Work. Regular Android is not supported.

If you want users to be able to use email on their enrolled Android device, you must consider whether to have them enroll as an Android or Android for Work device. If they enroll as regular Android, they will have to configure their email application manually. The only way to auto-configure an Android device for on-premise Exchange email is to enroll the device using Android for Work (or Knox).

Side note: if you are willing to bypass enrollment altogether, you may be able to use MAM policies to auto-configure Outlook.

Intune: Android for Work vs Android Enrollments

IT, MDM

So you want to enroll an Android device under Intune MDM. The first thing to note is that Android MDM enrollment is very different (and more complicated) than iOS. For iOS, enrollment processes and configuration options are standardized across all iOS versions. Android, being more open to developers and manufacturers, has a much more complicated schema. Here are some different Android enrollment modes:

  • Android enrollment : very limited. Compatible with all versions of Android. Limited restrictions and no email configuration. Similar to iOS in that all configurations are not segregated between personal and corporate data.
  • Android for Work enrollment: fully capable MDM. Fully compatible with Android devices versions 5.0 and up. Configurations are segregated between personal and corporate data. A separate container is created for corporate data.
  • KNOX enrollment: fully capable MDM with additional features. Only available for Samsung Galaxy devices. Costs an additional fee to manage per device, on top of standard MDM.

Because of how different Android and Android for Work enrollments are, they are actually treated completely separately in Intune. Profiles that you designate for Android will not install on Android for Work enrollments, and vice versa. It is vitally important for Intune admins to choose, before users enroll, how Android devices are enrolled. Admins can choose to support Android for Work for all users, Android for all users, or separate defaults for different sets of users. This decision will be implemented via compliance policies. Users are not able to choose which method to use for their device enrollment.