Managing Android Devices in Microsoft 365 Using Intune

Hey there! If you’re here, chances are you’re either trying to manage a fleet of Android devices for your business or just wondering how Microsoft Intune fits into the picture. Either way, buckle up because today, I’m breaking down how to manage Android devices in Microsoft 365 using Intune.

Why Manage Android Devices in Intune?

Let’s be real: Android devices are everywhere. From your field employees to executives, people love their Androids. But for businesses, these devices can become a security headache. That’s where Microsoft Intune, a part of the Microsoft 365 suite, steps in. Intune gives you control over apps, settings, and security—whether the devices are company-owned or BYOD (Bring Your Own Device).

So, if you want a secure, streamlined, and easy way to manage Androids, Intune’s got your back. Let’s dive into the details!

Step 1: Choose Your Management Method

Microsoft gives you five ways to manage Android devices with Intune, but to save you time, here are the two big players:

1. Android Enterprise Fully Managed: You own the device and fully control it. Perfect for corporate devices that shouldn’t have personal apps.
2. Android Enterprise Corporate-Owned Work Profile: You own the device but allow personal apps alongside work profiles. Great for flexibility.

For this guide, we’re focusing on Fully Managed devices because, let’s face it, total control rocks when it comes to security.

Step 2: Set Up a Managed Google Play Account

First things first: link a Managed Google Play account to Intune. Why? So you can manage apps from the Google Play Store right within Intune. Here’s how:

1. Log into your Microsoft 365 Admin Center as a Global Admin.
2. Head to Endpoint Manager and click on Devices > Android > Device Onboarding.
3. Under Managed Google Play, agree to the terms and launch Google.
4. Use a dedicated admin email address (preferably within your Microsoft 365 tenant).
5. Follow the prompts to link your account, and boom—you’re good to go.

Step 3: Sync Apps from Google Play to Intune

Now it’s time to choose the apps your users need and sync them to Intune:

1. Open Intune Admin Center and go to Apps > All Apps.
2. Add a new app by selecting Managed Google Play App.
3. Search for the apps you want (e.g., Microsoft 365, Teams, Outlook) and sync them.
4. Once synced, assign the apps to users or devices.

Pro Tip: Use filters to tailor app deployments. For example, only install WhatsApp for executives or Microsoft Lens for marketing teams.

Step 4: Create Enrollment Profiles

Here’s where the magic happens. Enrollment profiles let you prepare devices for users, even if they’re halfway across the country.

There are two types:

• Standard Enrollment: Users scan a QR code, sign in, and everything gets set up.
• Staging Enrollment: IT configures the device in advance and ships it to the user.

For a hassle-free experience, go with Staging Enrollment.

Set an expiration date for the token and save the profile.

In Intune, go to Devices > Android > Enrollment Profiles.

Create a new Fully Managed Staging Profile.

Step 5: Configure Compliance and Security Policies

This step ensures that only secure, compliant devices can access your organization’s data.

1. Compliance Policies:
   • Define minimum OS versions (e.g., Android 14).
   • Require device encryption.
   • Set password requirements.
2. Configuration Profiles:
   • Block things like screen captures, USB transfers, and tethering.
   • Automate system updates.
   • Enforce biometrics for added security.

These policies protect your data while keeping devices user-friendly.

Step 6: Adding Android Devices to Intune

Finally, let’s add a device to Intune:

1. Reset the Android device to factory settings.
2. Open the device’s QR scanner and scan the token generated by your staging profile.
3. The device will connect to Wi-Fi and install the assigned apps and configurations automatically.
4. Once the user receives the device, they simply log in with their Microsoft 365 credentials.

Step 7: Monitor and Manage Devices

After setup, you can monitor and manage devices from the Intune Admin Center. You’ll see details like:

• Device compliance status.
• Installed apps.
• Security alerts.

Need to lock a device remotely? Done. Want to revoke access for a non-compliant device? Easy.

Wrapping It Up

Managing Android devices with Intune is a game-changer for businesses. From enhanced security to seamless user experiences, it’s a win-win. Sure, the setup takes some effort, but once it’s running, you’ll wonder how you ever managed without it.

So, whether you’re securing sensitive company data or just making life easier for your IT team, Intune is worth a shot. Give it a try, and let me know how it works for you!