Microsoft Intune and Azure (MPN17587)


Today I took the Microsoft Intune and Azure (MPN17587) course on the Microsoft Partner Network. As someone who has been working with Intune for a while now it was a good way to brush up on the fundamentals. The second section, “Microsoft Intune Core Skills,” was actually deprecated, but the same concepts can be found in the Microsoft Knowledgebase: What does the class cover, in more detail?

  • What Intune is
  • How does Intune fit into the Microsoft product line
  • What Azure Portal is
  • How Intune works from a high level
  • How to deploy Intune at a high level
  • How to manage apps in Intune at a high level
  • How to mange devices in Intune at a high level

I would say that it takes about 3-5 hours to completely go over all the information in this class. It is worth it if you are implementing Intune in your enterprise environment.

Intune: How to enable Android for Work enrollments

Intune allows multiple devices to be enrolled and managed. Most of the device types are allowed by default: Android, iOS, macOS, Windows, etc. However, one thing to note is that Intune treats Android for Work devices completely differently than Android devices. There are completely different configuration profiles and actions designated just for Android for Work. Most importantly, Android for Work enrollments are blocked by default. This post shows how you can enable Android for Work enrollments.

  1. Log into Azure (
  2. Open the Intune Console
  3. Click on Device enrollment
  4. Click on Android for Work enrollment 
  5. Complete the prerequisites.
  6. Go to Enrollment Restrictions 
  7. You can create a new enrollment restriction or edit the default one. It’s easiest just to edit the default one.
  8. Under “Platforms” switch the toggle for Android for Work from “Block” to “Allow.” 

And that’s it! Now you can enroll Android devices with an Android for Work container. Note that if an Android device is capable of Android for Work, then the enrollment type will be Android for Work by default (which is probably why AfW enrollments are turned off by default).