Android Enterprise fully managed

Blocking Bluetooth on Android devices

by

This week is all about a new configuration option for corporate-owned Android Enterprise devices. That new configuration option is the ability to block the usage of Bluetooth. There can be many different reasons why organizations might want to block the usage of Bluetooth on (some) Android devices within the environment. That could be simply from a functional perspective to preserve battery and to extend the usage time, but that could also be more from a security perspective to prevent the device from being exploited. For the latter think about unauthorized access, data interception, malware distribution, or even something like bluejacking (sending messages to nearby devices). All pretty good reasons to think about the default availability of Bluetooth on Android devices within the environment. Especially on …

Read more

Understanding custom device naming templates for Android devices

by

This week is about another nice new feature for the enrollment of Android Enterprise corporate-owned devices, and that feature is the ability to use custom device naming templates. Custom device naming templates enable IT administrators to adjust the name of Android Enterprise corporate-owned devices during the enrollment. That provides IT administrators with the ability to adhere naming conventions to their devices and with that organize the devices neatly within the console. That can also make it a whole lot easier to locate devices. This post will focus on the required configurations for using custom device naming templates for Android Enterprise corporate-owned devices. Note: Keep in mind that custom device naming templates will adjust the management name of the device. Introducing custom device naming templates for Android devices …

Read more

Understanding enrollment time grouping for Android devices

by

This week is all about enrollment time grouping for Android devices. More specifically, enrollment time grouping for Android Enterprise corporate-owned devices. The focus of enrollment time grouping for Android devices is exactly the same as for Windows devices; the focus is to speed up app and policy provisioning during the device enrollment. With enrollment time grouping, the IT administrator can add a device to an Entra security group directly during the enrollment of the device. That enables the IT administrator to use that security group for assigning required apps and device configurations. Together that provides a faster delivery of the required apps and device configurations, as the device will be a member of the security group directly after the enrollment. This takes away any delays …

Read more

Temporarily removing apps and configurations from mobile devices

by

This week is all about a new feature that is specifically for mobile devices, and that feature is the ability to remove, reinstall, and re-apply specific configuration policies, configuration profiles, and apps. The best part is that it can be achieved without changing the assignments of those apps and configurations. That can be really useful to help with resolving specific challenges and to quickly restore the productivity of the user. The apps and configurations that were removed will automatically be restored within 8-24 hours. Alternatively, the IT administrator can also manually initiate an action to restore the removed apps and configurations earlier. So, in the end, the focus remains on ensuring that the devices remain consistent with the assigned apps and configurations. This post will …

Read more

Staging corporate Android devices

by

This week is all about the recently ability to stage Android Enterprise devices. That ability enables IT administrators to further prepare devices before actually giving them to the user. In a way, staging Android Enterprise devices is similar to pre-provisioning Windows devices. In other words, a method to prepare the device for the user and to simplify and fasten the user experience to get up-and-running. Before, the IT administrator would generate an enrollment token that could be used by the user to start the enrollment process. The user would then sign in and walk through the guided enrollment process. Now, with the staging ability, the IT administrator still generates an enrollment token, but instead of directly sharing that with the user, it’s used by the …

Read more

Remotely locating corporate-owned Android Enterprise devices

by

This week is all about remotely locating corporate-owned Android Enterprise devices. More specifically, about the configurations that are related to remotely locating those devices. With one of the latest service updates of Microsoft Intune (2401) a new configuration was introduced to specifically block the location on corporate-owned Android Enterprise devices. That configuration, however, has a direct impact on the ability to locate those devices. Besides that, the availability of remotely locating the device depends on the Android Enterprise deployment method. So, multiple reasons why the ability of remotely locating devices could be unavailable. This post will focus on the available settings related to the location of Android Enterprise devices, followed with the steps to configure those settings. This post will end with the user experience. …

Read more

Welcome to the still growing Android device management jungle: A summary

by

The second short post of this week is another extension of one of my sessions at the Workplace Ninja Summit 2022. At the summit I did my second session about Welcome to the still growing Android device management jungle. During that session I shared information around the still growing device management options for Android devices, pointers that can help with making the right decisions and information around the different configuration options. This post will provide a quick summary of that session by going through the different management options, providing important differences and summarizing the main configuration capabilities. The slides (PDF) of that session are available for download here. Android (device) management options When looking at the Android (device) management options, there are many options. And the number …

Read more

Backup and restore Android Enterprise fully managed devices

by

This week is something completely different compared to the last couple of weeks. This week is back to the Android platform. More specifically, backing up and restoring data on Android Enterprise fully managed devices. An often heard challenge with Android Enterprise managed devices, is the lack of available functionalities for restoring data from an old device to a new device. So, the ability to backup the data on the old device and to restore the data on the new device. That’s challenging as there is simply a lack of available backup functionality when relying on Android Enterprise. The Samsung Smart Switch app could be a solution for that challenge. It enables users to seamlessly transfers contacts, photos, music, videos, messages, notes, calendars and more to …

Read more

Quick tip: Enable browser access on Android Enterprise corporate-owned devices

by

This week a quick tip about enabling browser access on Android Enterprise Corporate-Owned Fully Managed devices and Android Enterprise Corporate-Owned devices with Work Profile, to work with device-based Conditional Access. That will enable the user to eventually use different apps for accessing company data. That includes for example using the Chrome browser app for accessing SharePoint Online or Exchange Online. On the Android Enterprise devices, this requires a configuration in the Microsoft Authenticator app. In this post I’ll simply provide the steps that are required within the Microsoft Authenticator app. Note: Before providing the mentioned steps, a big thank you to Pat Freeman for pointing me in the right direction. Enable browser access in the Microsoft Authenticator app When knowing the availability of the setting, …

Read more

Creating a custom look-and-feel across Android Enterprise fully managed devices

by

This week is all about Android Enterprise fully managed devices. More specifically, this week is all about creating a single look-and-feel across all Android Enterprise fully managed devices by using the Microsoft Launcher app. Similar to working with Android Enterprise dedicated devices and using the Managed Home Screen app. The Microsoft Launcher app provides many configuration options that can be configured by using an app configuration policy. That in combination with the recently introduced feature to configure the Microsoft Launcher app as the default launcher, enables the administrator to create a custom look-and-feel across all Android Enterprise fully managed devices. In this post I’ll show how to add the Microsoft Launcher app, how to configure the Microsoft Launcher app and how to configure the default …

Read more