Setting up Android Devices
You will see questions about Microsoft Intune, configuration profiles, and compliance policies. You won't see any questions about how to set up a device in Intune, but I thought it was important for you to see, so I've created a lesson. If you have already set up Intune to work with Android devices, or are only concerned about passing the MS-500, feel free to skip this lesson.
Configure Android enrollment
Before you can add Android devices to Microsoft Intune you'll need to connect your Intune tenant to Google.
1. Go to Microsoft Endpoint Manager admin center > Devices > Enroll devices > Android enrollment > Managed Google Play. Click I agree > Launch Google to connect now.
2. Follow the prompts to sign in and set up your Android to Work account. Once you're done, you'll see a notification saying "Managed Google Play successfully configured with tenant" and you'll notice the Enrollment profiles are unlocked.
The many ways to set up an Android device
So now we’re finally ready to set up our first Android device. Or are we? Before we can set it up, we need to discuss one last thing: how do you want to configure the device?
Ownership: personal vs corporate
Android has a couple of options. First, the device can be personally owned or corporate-owned. In other words, did the user bring their own device, or did the company buy the device and give it to the user? If the device is personally owned, it will automatically receive a work profile. The user can continue to use their personal apps and device like they normally would, and the work apps go in a separate container on the phone. The device will even have a managed Google Play store app so users can download apps to the workspace. Only apps that you have allowed will show up in the managed Google Play app store.
With corporate-owned devices a bit more information is available to the admins. Intune will collect the following information on corporate-owned devices but won’t gather the information for personally owned devices:
- Phone number
- App inventory
By default, devices enrolled in Intune are considered personally owned. To convert a device to corporate ownership you must perform one of the following:
- Set up a freshly factory-reset device as corporate-owned.
- Set the device serial number inside Intune prior to enrollment.
- Have an Intune administrator manually convert the device from personally owned to corporate-owned.
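Because enrollment defaults to personal ownership, a company-bought device that skipped the first two options ends up reporting less to admins than intended. The following is an added example (not part of the original lesson) of an audit that compares a device export against an asset register to find devices needing the manual conversion. The field names follow the Microsoft Graph managedDevice resource; the device records, serial numbers, and asset register are constructed sample data.

```python
import json

# Hypothetical asset register: serial numbers of company-purchased devices.
CORPORATE_SERIALS = {"R58M1234ABC", "R58M5678DEF", "ZY22CORP001"}

# Constructed sample export; keys mirror Microsoft Graph managedDevice properties.
DEVICES_JSON = """[
 {"deviceName": "Pixel-Alice", "operatingSystem": "Android",
  "serialNumber": " r58m1234abc", "managedDeviceOwnerType": "personal"},
 {"deviceName": "Galaxy-Bob", "operatingSystem": "Android",
  "serialNumber": "R58M5678DEF", "managedDeviceOwnerType": "company"},
 {"deviceName": "Tab-Lobby", "operatingSystem": "Android",
  "serialNumber": "UNLISTED999", "managedDeviceOwnerType": "company"},
 {"deviceName": "Moto-Carol", "operatingSystem": "Android",
  "serialNumber": "", "managedDeviceOwnerType": "personal"},
 {"deviceName": "iPhone-Dan", "operatingSystem": "iOS",
  "serialNumber": "ZY22CORP001", "managedDeviceOwnerType": "personal"}
]"""
DEVICES = json.loads(DEVICES_JSON)

def normalize(serial):
    """Serials are compared case-insensitively with surrounding whitespace removed."""
    return (serial or "").strip().upper()

def audit_ownership(devices, corporate_serials):
    """Group Android devices whose ownership disagrees with the asset register."""
    corp = {normalize(s) for s in corporate_serials}
    findings = {"convert_to_corporate": [], "corporate_not_in_register": [],
                "no_serial": []}
    for dev in devices:
        if (dev.get("operatingSystem") or "").lower() != "android":
            continue  # this audit only covers Android enrollment
        serial = normalize(dev.get("serialNumber"))
        owner = (dev.get("managedDeviceOwnerType") or "unknown").lower()
        if not serial:
            findings["no_serial"].append(dev["deviceName"])  # cannot be matched
        elif serial in corp and owner != "company":
            # Company asset enrolled with the default (personal) ownership.
            findings["convert_to_corporate"].append(dev["deviceName"])
        elif serial not in corp and owner == "company":
            # Marked corporate but missing from the register: verify by hand.
            findings["corporate_not_in_register"].append(dev["deviceName"])
    return findings

if __name__ == "__main__":
    for category, names in audit_ownership(DEVICES, CORPORATE_SERIALS).items():
        print(f"{category}: {', '.join(names) or '-'}")
```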
Android Enterprise: Corporate-owned fully managed user devices
In this configuration, the device is owned by the corporation but is given to an individual. With corporate-owned fully managed user devices, there isn’t a personal / work profile on the device. There’s only a work profile. So, the user doesn’t have to understand the difference. Also, the Managed Google Play store is the only store available. So, the user cannot install apps and games on the device unless you’ve made them available in the managed Google Play store.
Android Enterprise: Corporate-owned devices with work profile
In this configuration, the device is owned by the corporation but is given to an individual. With corporate-owned devices with a work profile, the device is split between the work profile and the personal side, just as on personally owned devices with a work profile. If you have a mix of personally owned and corporate-owned devices, I’d recommend using this policy.
Android Enterprise: Corporate-owned dedicated devices
Corporate-owned dedicated devices are devices that do not have a personal owner. For example, you may have a tablet in the conference room that anyone using the room has access to. With corporate-owned dedicated devices, users won’t be able to install any apps on the device. The only apps that will be installed are required apps that are pushed to devices.
How to set up corporate-owned Android devices
Since setting up devices isn't covered under the MS-500, I'll be skipping this section, but a quick FYI: to set up a device as corporate-owned, you need to set up the enrollment. Go to Microsoft Endpoint Manager admin center > Devices > Enroll devices > Android enrollment and set up the enrollment profile you want to use.
How to enroll an Android personally owned device
Enrolling a personally owned Android device is simple, and there’s no setup on the back end. Have the user perform the following steps on their device:
1. Open the Google Play store and search for Intune Company Portal. Install the app.
2. Once installed, open the app. Click Sign in. Enter your company username and password. If prompted, complete the MFA.
4. Click Devices > My Android.
5. Click This device is not managed.
6. Click Begin > Continue > Accept & continue > Next > Continue > Done > Got it.