This week is all about connecting Microsoft Intune with Managed Google Play. There has been multiple post already on this blog describing all the different management options available to Android devices. The biggest part being focused on Android Enterprise. Not really strange as Android Enterprise is the most common used program by organizations to integrate support for their Android devices into their management solution. That includes Microsoft Intune. The availability of the APIs belonging to Android Enterprise make sure that the management of Android devices can be standardized and contains many configuration capabilities cross vendor. To get that integration between Microsoft Intune and Android Enterprise, it’s important to connect Microsoft Intune with a Managed Google Play account. Creating that connection has never really been a topic on this blog, mainly because it’s pretty straight forward. And to be really honest, it only got easier. There are, however, still some important things to keep in mind with setting up that connection. This post will go through the required steps, including a brief description.
Connecting Microsoft Intune with a Managed Google Play account
Starting Augustus 2024, Google has simplified the process for Android Enterprise signup and access to Google services. Before, signing up for Android Enterprise would require a personal Gmail account. That has changed. Now it’s possible to simply use a corporate email address and use that to create an account, including single sign-on (SSO). Together that makes a great experience. That account can then be used to add the different Google services, starting with the free Android Enterprise service. Simply because that’s the requirement for connecting with Microsoft Intune. Maybe even better, that account creation can be achieved during the wizard to connect Microsoft Intune with Managed Google Play.
It’s, however, good to think about the corporate account that should be used for creating this account and for setting up the connection. That account should be mail enabled, as some services require additional confirmations. Due to that requirement, administrator accounts are not always an option, as it’s often advised to not have those accounts mail enabled. Simply to limit phishing attacks. That being said, the easiest process to create the binding is by being able to use the same account as the currently signed in account. Of course, it is still possible to adjust the email address to use during the creation of the admin account. That just requires manually providing that account and signing in to that account, during the wizard. The following steps walk through the simplified process to connect Microsoft Intune with Managed Google Play.
- Open the Microsoft Intune admin center portal navigate to Devices > Android > Enrollment > Managed Google Play
- On the Managed Google Play blade, check I agree and click Launch Google to connect now
- On the Create Admin Account page, as shown in Figure 1, specify a corporate email address and click Next
- On the Sign up the easy way page, as shown in Figure 2, click Sign in with Microsoft
- On the Permissions requested page, as shown in Figure 3, click Accept to consent
- On the Tell us about you page, as shown in Figure 4, specify the personal information and click Next
- On the Add subscriptions to your admin account page, as shown in Figure 5, select at least Android Enterprise and click Next
- On the Create account page, as shown in Figure 6, click Agree and continue to accept the agreements
- On the Manage your Android Enterprise devices using Microsoft Intune page, as shown in Figure 7, click Allow and create account to create the binding
Important: Keep in mind that it is also required to eventually sign into the newly created Managed Google Play account and to accept the terms of service.
Note: The example steps are from when the Managed Google Play account is based on the signed in user.
More information
For more information about connecting Intune with a Managed Google Play account, refer to the following docs.
Thanks Peter, great article the detailed steps really help. We already have Intune connected to Google with the original Gmail account method, will these steps replace or disrupt a current setup that uses these Gmail accounts and are there any benefits e.g. performance.
Hi Gerry,
Let’s start with this quote from the docs: “Current Microsoft Intune tenants who have already associated a Gmail account with Intune will continue to be supported.“. So, if you’re already have an active connection don’t do anything and just leave it the way it is. Removing the connection and creating a new connection, directly impact all enrolled devices.
Regards, Peter
Great, thanks Peter.
We’ve been using mail enabled Distribution Lists, then using that mail to create Google account. I like the possibilities.
Same here. I think it’s a good improvement from Google.
Regards, Peter
Hi Peter, thanks for the clear article. I was wondering what Microsoft corporate account is best to use for this. Just a user account (with or without admin rights) or a dedicated account just for this?
Which would be your preference?
Hi Bas,
I would not use personal user account. That always has the risk that somebody leaves and you lose access to that account.
Regards, Peter
Hi Peter!
Does this method register Google Workspace for the @domain.com name you use in your email address? Is Google Workspace a free service if you only use Android Enterprise subscription?
Hi Systxix,
No, you have to specifically select the subscriptions that you want to add (see also Figure 5). Only Android Enterprise is selected by default.
Regards, Peter