Android Enterprise corporate-owned work profile

Blocking Bluetooth on Android devices

by

This week is all about a new configuration option for corporate-owned Android Enterprise devices. That new configuration option is the ability to block the usage of Bluetooth. There can be many different reasons why organizations might want to block the usage of Bluetooth on (some) Android devices within the environment. That could be simply from a functional perspective to preserve battery and to extend the usage time, but that could also be more from a security perspective to prevent the device from being exploited. For the latter think about unauthorized access, data interception, malware distribution, or even something like bluejacking (sending messages to nearby devices). All pretty good reasons to think about the default availability of Bluetooth on Android devices within the environment. Especially on …

Read more

Understanding custom device naming templates for Android devices

by

This week is about another nice new feature for the enrollment of Android Enterprise corporate-owned devices, and that feature is the ability to use custom device naming templates. Custom device naming templates enable IT administrators to adjust the name of Android Enterprise corporate-owned devices during the enrollment. That provides IT administrators with the ability to adhere naming conventions to their devices and with that organize the devices neatly within the console. That can also make it a whole lot easier to locate devices. This post will focus on the required configurations for using custom device naming templates for Android Enterprise corporate-owned devices. Note: Keep in mind that custom device naming templates will adjust the management name of the device. Introducing custom device naming templates for Android devices …

Read more

Understanding enrollment time grouping for Android devices

by

This week is all about enrollment time grouping for Android devices. More specifically, enrollment time grouping for Android Enterprise corporate-owned devices. The focus of enrollment time grouping for Android devices is exactly the same as for Windows devices; the focus is to speed up app and policy provisioning during the device enrollment. With enrollment time grouping, the IT administrator can add a device to an Entra security group directly during the enrollment of the device. That enables the IT administrator to use that security group for assigning required apps and device configurations. Together that provides a faster delivery of the required apps and device configurations, as the device will be a member of the security group directly after the enrollment. This takes away any delays …

Read more

Temporarily removing apps and configurations from mobile devices

by

This week is all about a new feature that is specifically for mobile devices, and that feature is the ability to remove, reinstall, and re-apply specific configuration policies, configuration profiles, and apps. The best part is that it can be achieved without changing the assignments of those apps and configurations. That can be really useful to help with resolving specific challenges and to quickly restore the productivity of the user. The apps and configurations that were removed will automatically be restored within 8-24 hours. Alternatively, the IT administrator can also manually initiate an action to restore the removed apps and configurations earlier. So, in the end, the focus remains on ensuring that the devices remain consistent with the assigned apps and configurations. This post will …

Read more

Staging corporate Android devices

by

This week is all about the recently ability to stage Android Enterprise devices. That ability enables IT administrators to further prepare devices before actually giving them to the user. In a way, staging Android Enterprise devices is similar to pre-provisioning Windows devices. In other words, a method to prepare the device for the user and to simplify and fasten the user experience to get up-and-running. Before, the IT administrator would generate an enrollment token that could be used by the user to start the enrollment process. The user would then sign in and walk through the guided enrollment process. Now, with the staging ability, the IT administrator still generates an enrollment token, but instead of directly sharing that with the user, it’s used by the …

Read more

Remotely locating corporate-owned Android Enterprise devices

by

This week is all about remotely locating corporate-owned Android Enterprise devices. More specifically, about the configurations that are related to remotely locating those devices. With one of the latest service updates of Microsoft Intune (2401) a new configuration was introduced to specifically block the location on corporate-owned Android Enterprise devices. That configuration, however, has a direct impact on the ability to locate those devices. Besides that, the availability of remotely locating the device depends on the Android Enterprise deployment method. So, multiple reasons why the ability of remotely locating devices could be unavailable. This post will focus on the available settings related to the location of Android Enterprise devices, followed with the steps to configure those settings. This post will end with the user experience. …

Read more

Welcome to the still growing Android device management jungle: A summary

by

The second short post of this week is another extension of one of my sessions at the Workplace Ninja Summit 2022. At the summit I did my second session about Welcome to the still growing Android device management jungle. During that session I shared information around the still growing device management options for Android devices, pointers that can help with making the right decisions and information around the different configuration options. This post will provide a quick summary of that session by going through the different management options, providing important differences and summarizing the main configuration capabilities. The slides (PDF) of that session are available for download here. Android (device) management options When looking at the Android (device) management options, there are many options. And the number …

Read more

Android Enterprise and Microsoft Intune: A quick summary

by

This week my post is a few days later, as my post is an extension of my session at the Workplace Ninja Virtual Summit 2021. At the virtual summit I did a session about Why you might want to use corporate-owned devices with Work Profile. During that session I shared a summary about Android Enterprise and I zoomed in on the capabilities of corporate-owned devices with Work Profile. This post will provide a summary of that session about the different important components of Android Enterprise and how that integrates and works with Microsoft Intune, followed with a zoom-in on corporate-owned devices with Work Profile. Most of that information will be summarized in tables and slides. The slides (PDF) of that session are available for download here. Android …

Read more

Quick tip: Enable browser access on Android Enterprise corporate-owned devices

by

This week a quick tip about enabling browser access on Android Enterprise Corporate-Owned Fully Managed devices and Android Enterprise Corporate-Owned devices with Work Profile, to work with device-based Conditional Access. That will enable the user to eventually use different apps for accessing company data. That includes for example using the Chrome browser app for accessing SharePoint Online or Exchange Online. On the Android Enterprise devices, this requires a configuration in the Microsoft Authenticator app. In this post I’ll simply provide the steps that are required within the Microsoft Authenticator app. Note: Before providing the mentioned steps, a big thank you to Pat Freeman for pointing me in the right direction. Enable browser access in the Microsoft Authenticator app When knowing the availability of the setting, …

Read more

Getting started with Android Enterprise Corporate-Owned devices with Work Profile

by

Microsoft has recently declared the Android Enterprise Corporate-Owned devices with Work Profile deployment scenario (sometimes also referred to as management scenario) feature complete. That’s really good news and also a really good trigger for a new blog post. This time I’ll skip the different deployment scenarios and use cases, as I’ve written about those here and here. Just to create a good starting point, I’ll start with a quick summary about the main characteristics of this specific deployment scenario in the table below. These characteristics will help with determining if this deployment scenario will fit on the use case. For a complete overview with the different deployment scenarios, please refer to my previous post around this subject. Note: Keep in mind that the user experience …

Read more