Microsoft is releasing the ability to manage and protect corporate devices running on Android using Intune as part of Microsoft Endpoint Manager.
According to Microsoft, Android devices are now mainstream and Android management is already offered by Endpoint Manager, but not all variations of the core Android Open Source Platform (AOSP) meet Google’s certification requirements for integration with Google Mobile Services (GMS). That integration is needed to enable certain capabilities, including access to the Google Play store and Firebase Cloud Messaging-based push notifications.
Devices that are becoming critical in enterprises do not have the ability to use GMS, but still need to be managed alongside other devices to securely access corporate resources and protect sensitive information, Microsoft says.
To solve this, Microsoft says it built a new way to manage devices running AOSP that do not have access to GMS capabilities. The new platform for corporate devices brings devices running AOSP alongside other mobile and desktop endpoints managed under one cloud-connected platform, Microsoft says.
Currently, RealWear devices (running Android 10.0 and later) are the only supported devices for AOSP management in Microsoft Endpoint Manager. The company also plans to add the management of specialty devices to a future premium portfolio of cost-effective offerings that include advanced endpoint management capabilities in Endpoint Manager.
For now, organizations will only need a subscription to Microsoft Intune to manage and protect RealWear devices. An additional license will be required to manage and protect specialty devices when Microsoft launches advanced endpoint management.
Microsoft’s solution for managing Android (AOSP) devices provides two provisioning modes for corporate devices:
- Provisioning a device that is directly affiliated to a single user.
- Provisioning a shared/multi-user device that leverages Azure Active Directory Shared Device Mode and may be considered user-less.
Once devices are provisioned, IT can create policies specific to the business scenario and needs of the workers using the AOSP devices without impacting policies created for other Android deployments, according to Microsoft.
Like other platforms, Microsoft’s AOSP management in Endpoint Manager allows IT to deploy specific certificates and Wi-Fi profiles to managed devices. IT can also deploy root and trusted certificates, Public Key Cryptography Standards (PKCS) certificates, and Simple Certificate Enrollment Protocol (SCEP) certificates. In addition, Wi-Fi profiles can be crafted to support simple password authentication, or more rigorous certificate-based authentication that leverages pre-deployed certificates, Microsoft says.
IT can enforce restrictions on what device capabilities can and cannot be used to meet organizational standards, and IT can also apply device compliance policies that can prevent access to corporate resources from devices that do not meet the minimum requirements.
Once devices are enrolled in Intune, IT can manage AOSP devices alongside the rest of the organization’s device estate, use sorting filters, and perform other actions such as wipe, remote lock and PIN reset.
Read Microsoft’s blog to learn more about Android device management.