Android for Work Device Owner mode
Is it possible to get Intune to allow Android for Work to be setup in Device Owner Mode? Possibly with the App and NFC "bump" to setup the config.
This possibly one of the requirement from within the NCSC guidance (https://www.ncsc.gov.uk/guidance/eud-security-guidance-android-6)
Hi, if you caught our announcements at Ignite, we announced that we will support device owner mode for Android fully managed corporate devices. It will preview by end of year. Check out our EMS blog for more info
So we’ll call this “started”. :-)
Also, we’ve been supporting Android kiosk mode since July.
I turned on my test devices and the apps came straight through. Compliance and config profiles still don't work though. Seems "preview" is very alpha at the moment. Hopefully it gets fixed shortly.
I've had luck with pushing out applications and most device restrictions, however I can't get the device to prompt for a password. It does lock it down, so that if you go into settings, it will only let you set a password of the complexity that you have set. However it does not prompt you to set a password when there is none, suspect this is down to no compliance policies being pushed out yet.
Looking very promising so far though.
Well, live it may be and you can enroll, but no apps or policies will push out.
Preview now seems to be live
Jon T commented
Owner has been supported for a while to a degree where you can use it with Samsung Knox. Intune manages via Google DPC.
Mike Shakespeare commented
Any update to when this will be available? It has been a feature on almost every other EMM for years now, currently this is stopping my company from moving across to InTune, if it's not in soon we will abandon InTune as a viable EMM and I am sure many others will do the same.
Any update to when the preview will be available
Andrew Dawson commented
Will COPE (corporate-owned, personally enabled) also be supported at the same time?
Finally, we have been waiting for months!!
It's crazy this still has nothing from MS about development here.
Don't make people pick between Intune and Android... you're probably going to lose.
Somewhat surprised that this isn't a feature that has been developed yet. I suspect that there are still a large number of organisations haven't adopted BYOD and never will.
How do you restrict a end user from removing the MDM profile from an Android device ?
With Apple I use the Enrollment Program which connects my Apple Business Account MDM Server containing all our devices and add a Profile to these devices, one setting being Locked Enrollment.
Jeffery Kozera commented
This is a MUST HAVE for any organization using android.
This, together with zero-touch enrollment, would be a great improvement for Android devices managed within Intune.
Alex Janes commented
We really need this. It is a much more effective management strategy for our company owned devices.
Anders Eklöf commented
Since Windows Mobile is out of the picture we really need this! We only have company owned devices.
Any roadmap on when this is due? It was mentioned as coming in early 2018. This is a critical differentiator for many customers who want to leverage Android Enterprise and is supported by all of the other major EMM solutions
Jörgen Nilsson commented
Yes, we need this!
Kick it up a notch Microsoft. This needs to be a part of Intune.
We also need system apps support inside the work profile!What happened there?
Dean Holland commented
That blog references the legacy device management APIs, not the AfW "work-managed device" and "work profile" APIs.
"Work-managed device" allowed DPCs (such as Intune) to be a device owner, taking ownership of the device through the initialisation process. Other EMMs already support this enrolment method.