Microsoft Intune allows you to manage all your devices in a single platform. Windows, Android, MacOS or iOS can be managed using Intune device management capabilities.
When it comes to Android specifically, there are several ways you can enroll and manage a device.
Android Enterprise (offering a set of enrollment options that provide users with the most up-to-date and secure features):
Android Enterprise work profile: For personal (used mostly in BYOD scenarios) devices granted permission to access corporate data. Admins can manage work accounts, apps, and data. Personal data on the device is kept separate from work data and admins don’t control personal settings or data.
Android Enterprise dedicated: For corporate-owned, single use devices, such as digital signage, ticket printing, or inventory management. Admins lock down the usage of a device for a limited set of apps and web links. It also prevents users from adding other apps or taking other actions on the device.
Android Enterprise fully managed user devices: (In Preview Mode) For corporate-owned, single user devices used exclusively for work and not personal use. Admins can manage the entire device and enforce policy controls unavailable to work profiles.
If you decide to go ahead with the 3rd option, there are a few things to consider.
- Supervised mode supported only for latest devices
- At least Android 6.0
- Enrollment is done manually via a QR code
- Device has to be fully erased before the enrollment begin
Take the following steps to ensure your device retain all the default and system apps (google apps, camera, calculator, calendar, photos etc..). In my case, the original QR given by Intune simply took off all default and system apps after enrolling. This workaround is to address this issue.
To get the QR code from your Intune profile which is relevant for your enrollment, head on to Intune –> device enrollment blade –> Android Enrollment –> Choose “Corporate owned-fully managed user device” option –> Make sure this option is enabled and you can see the QR right there.
And now head on to one of the QR code decoding service. I used https://blog.qr4.nl/Online-QR-Code-Decoder.aspx which did the job very well without any cost for me. Its just a matter of uploading your QR and click a button to simply extract the code behind.
Now you have the code behind with you. we have to edit this and include the following portion in the code.
“android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED”:true
Once it added, your final code would look similar to this:
Now, we need another service to re-encode this new code we have. I used https://www.qr-code-generator.com which was great for me. Again there is no cost for this, too!
Once you have encoded, you can download the QR. And now simply use this one to enroll the Android device.
If you followed the steps correctly, all default and system apps should remain intact after the enrollment.
Microsoft Cloud Infrastructure Technical Journal 