Overview
This knowledge base article will show the steps on how to create Device configuration profiles for managed Android Enterprise devices.
The breakdown of this article will cover:
- Device Restriction Policy for Android Enterprise: Personally-Owned Work Profile (BYOD)
- Device Restriction Policy for Android Enterprise: Corporate-owned, fully managed user devices (COBO)
- Device Restriction Policy for Android Enterprise: Corporate-owned devices with work profile (COPE)
- Device Restriction Policy for Android Enterprise: Corporate-owned dedicated devices (COSU)
Device Restriction Policy for Android Enterprise: Personally-Owned Work Profile (BYOD)
1. By navigating to Microsoft Intune portal, then select Devices then under By platform, select Android.
2. Then under Manage devices, select Configuration then select Create then select New policy then select Platform: Android Enterprise then under Personally-Owned Work Profile, select Device Restrictions. Then select Create.
3. Under Basics, enter the following:
Name: Android Enterprise: Personally-Owned Work Profile
Description: Android Enterprise: Personally-Owned Work Profile
Then select Next.
4. Under Configuration settings, expand the following:
For Work profile settings, then select the following:
Select the required under 'Work profile settings'
For Password, then select the following:
Select the required under 'Password'
Then select Next.
For System security, then select the following:
Select the required under 'System security'
Then select Next.
For Connectivity, then select the following:
Select the required under 'Connectivity'
Then select Next.
Then select Next.
5. Under Assignments, select your required groups. Then select Next.
6. Under Review + create, review the settings then select Create.
Device Restriction Policy for Android Enterprise: Corporate-owned, fully managed user devices (COBO)
1. By navigating to Microsoft Intune portal, then select Devices then under By platform, select Android.
2. Then under Manage devices, select Configuration then select Create then select New policy then select Platform: Android Enterprise then under Fully Managed, Dedicated and Corporate-Owned Work Profile, select Device Restrictions. Then select Create.
3. Under Basics, enter the following:
Name: Android Enterprise: Corporate-owned, fully managed user devices - Device Restriction
Description: Android Enterprise: Corporate-owned, fully managed user devices - Device Restriction
Then select Next.
4. Under Configuration settings, expand the following:
For General, then select the following:
Select the required under 'General'
For System security, then select the following:
Select the required under 'System security'
Then select Next.
For Device experience, then select the following:
Enrollment profile type: Fully managed
Select the required under 'Device experience'
Then select Next.
For Device Password, then select the following:
Enrollment profile type: Fully managed
Select the required settings under 'Device experience'
For Power Settings, then select the following:
Time to lock screen (work profile-level): 15 minutes
Screen on while device plugged in: 0 selected (Optional to choose)
For Users and Accounts, then select the following:
Select the required settings under 'Users and Accounts'
For Applications, then select the following:
Select the required settings under 'Users and Accounts'
Then select Next.
5. Under Assignments, select your required groups. Then select Next.
6. Under Review + create, review the settings then select Create.
Device Restriction Policy for Android Enterprise: Corporate-owned devices with work profile (COPE)
1. By navigating to Microsoft Intune portal, then select Devices then under By platform, select Android.
2. Then under Manage devices, select Configuration then select Create then select New policy then select Platform: Android Enterprise then under Fully Managed, Dedicated and Corporate-Owned Work Profile, select Device Restrictions. Then select Create.
3. Under Basics, enter the following:
Name: Android Enterprise: Corporate-owned with work profile - Device Restriction
Description: Android Enterprise: Corporate-owned with work profile - Device Restriction
Then select Next.
4. Under Configuration settings, expand the following:
For Work profile settings, then select the following:
Select the required needed for your organisation.
Then select Next.
5. Under Assignments, select group: Corporate-owned with work profile. Then select Next.
6. Under Review + create, review the settings then select Create.
Device Restriction Policy for Android Enterprise: Corporate-owned dedicated devices (COSU)
1. By navigating to Microsoft Intune portal, then select Devices then under By platform, select Android.
2. Then under Manage devices, select Configuration then select Create then select New policy then select Platform: Android Enterprise then under Fully Managed, Dedicated and Corporate-Owned Work Profile, select Device Restrictions. Then select Create.
3. Under Basics, enter the following:
Name: Android Enterprise: Corporate-owned dedicated devices - Device Restrictions
Description: Android Enterprise: Corporate-owned dedicated devices - Device Restrictions
Then select Next.
4. Under Configuration settings, expand Device experience then select the following:
Enrollment profile type: Dedicated device
Kiosk mode: Multi-App
Custom app layout: Enable
Grid Size: Select the desired grid size
Select the required apps for display
Then select Next.
5. Under Assignments, select your required groups. Then select Next.
6. Under Review + create, review the settings then select Create.