Intune: Android for Work vs Android Enrollments

So you want to enroll an Android device under Intune MDM. The first thing to note is that Android MDM enrollment is very different (and more complicated) than iOS. For iOS, enrollment processes and configuration options are standardized across all iOS versions. Android, being more open to developers and manufacturers, has a much more complicated schema. Here are some different Android enrollment modes:

  • Android enrollment : very limited. Compatible with all versions of Android. Limited restrictions and no email configuration. Similar to iOS in that all configurations are not segregated between personal and corporate data.
  • Android for Work enrollment: fully capable MDM. Fully compatible with Android devices versions 5.0 and up. Configurations are segregated between personal and corporate data. A separate container is created for corporate data.
  • KNOX enrollment: fully capable MDM with additional features. Only available for Samsung Galaxy devices. Costs an additional fee to manage per device, on top of standard MDM.

Because of how different Android and Android for Work enrollments are, they are actually treated completely separately in Intune. Profiles that you designate for Android will not install on Android for Work enrollments, and vice versa. It is vitally important for Intune admins to choose, before users enroll, how Android devices are enrolled. Admins can choose to support Android for Work for all users, Android for all users, or separate defaults for different sets of users. This decision will be implemented via compliance policies. Users are not able to choose which method to use for their device enrollment.

Leave a Reply

Your email address will not be published. Required fields are marked *