top of page
Writer's pictureAakash Rahsi
Sep 93 min read

Ultimate Guide: Setting Up Android Work Profiles with Microsoft Intune

Updated: Sep 16

Are you looking to effectively manage Android devices in your organization using Microsoft Intune? This comprehensive guide covers everything from prerequisites to best practices, ensuring seamless setup and management of Android Work Profiles.

Step 1: Confirm Prerequisites for Microsoft Intune Setup

Before configuring Microsoft Intune for Android device management, ensure you meet these critical prerequisites:

  • Verify License: Your organization must have an Intune or Microsoft 365 license that supports device management (e.g., Microsoft 365 Business Premium, EMS E3/E5).

  • Check Device Compatibility: All Android devices should be running Android 8.0 (Oreo) or later and include Google Mobile Services (GMS).

  • Admin Access Required: Administrator access to the Microsoft Endpoint Manager Admin Center is necessary.

  • Managed Google Play Account: Ensure a managed Google Play account is available and linked with Intune.

Step 2: Configure Intune for Android Work Profile Enrollment

To set up Android Work Profiles in Microsoft Intune, follow these steps:

  1. Sign in to Microsoft Endpoint Manager Admin Center:

  2. Set Up Android Enterprise Enrollment:

    • Navigate to Devices > Android > Android enrollment.

    • Select Managed Google Play and click Connect.

    • Sign in with your Google account and link it to your organization’s Managed Google Play account.

    • Accept the terms and conditions, and ensure the status shows “Connected.”

  3. Create Enrollment Restrictions:

    • Go to Devices > Enrollment restrictions > Create restriction > Device type restriction.

    • Name the restriction (e.g., “Android Work Profile Restriction”).

    • Set Android Enterprise work profile to Allowed and block other enrollment types if necessary.

Step 3: Define Compliance Policies for Android Devices

  1. Create a Compliance Policy:

    • Go to Devices > Compliance policies > Create policy.

    • Select Platform: Android Enterprise > Work Profile.

    • Define compliance settings, such as password requirements, device encryption, and rooted device blocks.

    • Assign actions for non-compliance (e.g., notify user, block access) and save the policy.

Step 4: Configure Device Configuration Profiles for Android Work Profiles

  1. Create a Configuration Profile:

    • Navigate to Devices > Configuration profiles > Create profile.

    • Select Platform: Android Enterprise and choose Profile type: Work Profile Only.

    • Configure settings such as password policies, clipboard sharing, data restrictions, Wi-Fi, VPN, and app configurations.

    • Assign the profile to relevant user or device groups.

Step 5: Deploy Managed Applications to the Android Work Profile

  1. Approve Apps in Managed Google Play Store:

    • Go to Apps > Android > Managed Google Play.

    • Click Approve Apps to open the Managed Google Play Store and select required apps (e.g., Microsoft Outlook, Teams).

    • Approve the apps, configure settings, and sync them with Intune.

  2. Deploy Approved Apps:

    • Navigate to Apps > All apps > Add.

    • Select Managed Google Play app and choose synced apps.

    • Configure deployment settings (e.g., Required or Available), assign the apps to relevant groups, and click Create.

Step 6: Enroll Android Devices with a Work Profile

  1. User Enrollment Instructions:

    • Ask users to download the Microsoft Intune Company Portal app from the Google Play Store.

    • Guide users to sign in with their corporate credentials and follow prompts to set up the work profile.

  2. Verify Enrollment:

    • Check the device status in the Intune console under Devices > All devices to confirm enrollment.

Step 7: Monitor and Report Work Profile Status

  1. Monitor Devices:

    • Go to Devices > All devices and filter by platform to view enrolled devices.

    • Click on individual devices to see compliance status and deployment progress.

  2. Generate Reports and Alerts:

    • Use Reports > Device compliance to create compliance reports.

    • Navigate to Monitor > Alerts to set up alerts for non-compliance or critical issues.

Step 8: Troubleshoot Common Issues with Android Work Profiles

  1. Enrollment Failures:

    • Verify that the device is compatible, connected to a reliable network, and all necessary permissions are granted.

  2. Non-compliance:

    • Ensure compliance policies are correctly configured and assigned.

  3. Application Deployment Issues:

    • Sync apps with Intune and check deployment logs for errors.

Step 9: Best Practices for Managing Android Work Profiles in Microsoft Intune

  • Regularly Update Policies: Review and update compliance and configuration profiles to align with evolving security requirements.

  • Monitor Device Status: Use Intune’s reporting and alerting tools to keep track of device compliance and deployment status.

  • Educate Users: Ensure end-users understand the purpose of work profiles and follow corporate security policies.

6 views0 comments

Comments

Rated 0 out of 5 stars.
No ratings yet
Add a rating
bottom of page