We all have heard about Windows Autopilot by now. It is a great product with a seamless out of the box experience (“OOBE”) for Windows devices and above all simplifies the IT admin and end user’s life. Apple’s DEP Program is also quite seamless for end users, and works well with Intune, but what options do we have for Android corporate owned devices? There is great demand from customers on user voice to support an Android OOBE.
Last July, Microsoft Intune announced support for Android enterprise purpose-built devices. It is specifically designed for corporate owned devices which are dedicated for a single purpose such as digital signage, ticketing system, or inventory management, etc. The admin locks down the device usage to some limited apps and restricts the user from tampering with the device settings. A lot of granular controls and settings are available within this enrollment.
Users can use different methods to enroll their devices such as NFC, entering a string token, scanning a QR code provided by an admin or they can leverage zero touch enrollment.
Remote Device Management and Seamless Provisioning
Purpose-built devices are mostly for users who are at some remote location or at a branch office where IT staff is unavailable and managing such devices can be difficult without a proper MDM solution. With Intune Enterprise Enrollment, these devices can be directly shipped from a vendor to the end user without IT staff touching the devices. The IT staff can still deploy all the security policies and device setting capabilities to the device remotely from the Intune console and when the user powers on the device, they will see a customized experience with company branding. They will not be asked to enter their credentials or go through any of the settings. Everything is taken care of by the IT staff remotely.
For purpose-built devices, all apps are not available in the Google Play Store as they are normally available in personal devices. Instead, IT chooses which apps are available for users to install and use. The apps can be pushed to the device by an admin without the user having to download them. This can be done by setting the app as ‘required’. The updates and security settings of managed apps can also be configured remotely.
Apps can be deployed to a dynamic device group which is created using a query where every device to be enrolled with a dedicated profile will be added as a member into the group.
Managed Home Screen Experience
The Managed Home Screen app is only for corporate-owned devices and can be pushed by the admin. It enables the limited use of the device only to those apps that are approved by the admin. The admin can lock down the usage of device for one app or more. Browsing can also be limited to specific links.
To conclude, Enterprise enrollment for purpose-built devices empowers IT staff with great device management capabilities while also reducing helpdesk calls through a simple end-user experience. This is new and lot more features are yet to come! We will share as we learn more!
At Olive + Goose we have a great team with immense experience to help you on-board your Microsoft Cloud workloads efficiently & securely – reach out to us today.