Intune: Android (Regular) Enrollment and Email

Let’s assume that you want to configure an email configuration for an Android device. Look at the picture above. That is what you will see in Intune when trying to create an email configuration for a (regular) Android enrolled device. Notice something? Yes, email is not an option (unless you’re using KNOX)! You cannot push an MDM email payload to an Android device by default.

app configuration policy options

What about an app configuration policy? Nope, you can’t do that either! As you can see above, when you try to create an app configuration policy for enrolled devices, you only have two options: iOS or Android for Work. Regular Android is not supported.

If you want users to be able to use email on their enrolled Android device, you must consider whether to have them enroll as an Android or Android for Work device. If they enroll as regular Android, they will have to configure their email application manually. The only way to auto-configure an Android device for on-premise Exchange email is to enroll the device using Android for Work (or Knox).

Side note: if you are willing to bypass enrollment altogether, you may be able to use MAM policies to auto-configure Outlook.

Intune: How to enable Android for Work enrollments

Intune allows multiple devices to be enrolled and managed. Most of the device types are allowed by default: Android, iOS, macOS, Windows, etc. However, one thing to note is that Intune treats Android for Work devices completely differently than Android devices. There are completely different configuration profiles and actions designated just for Android for Work. Most importantly, Android for Work enrollments are blocked by default. This post shows how you can enable Android for Work enrollments.

  1. Log into Azure (https://portal.azure.com)
  2. Open the Intune Console
  3. Click on Device enrollment
  4. Click on Android for Work enrollment 
  5. Complete the prerequisites.
  6. Go to Enrollment Restrictions 
  7. You can create a new enrollment restriction or edit the default one. It’s easiest just to edit the default one.
  8. Under “Platforms” switch the toggle for Android for Work from “Block” to “Allow.”¬†

And that’s it! Now you can enroll Android devices with an Android for Work container. Note that if an Android device is capable of Android for Work, then the enrollment type will be Android for Work by default (which is probably why AfW enrollments are turned off by default).