Remotely locating corporate-owned Android Enterprise devices

This week is all about remotely locating corporate-owned Android Enterprise devices. More specifically, about the configurations that are related to remotely locating those devices. With one of the latest service updates of Microsoft Intune (2401) a new configuration was introduced to specifically block the location on corporate-owned Android Enterprise devices. That configuration, however, has a direct impact on the ability to locate those devices. Besides that, the availability of remotely locating the device depends on the Android Enterprise deployment method. So, multiple reasons why the ability of remotely locating devices could be unavailable. This post will focus on the available settings related to the location of Android Enterprise devices, followed with the steps to configure those settings. This post will end with the user experience. …

Read more

Getting started with Remote Help for Android

This week is back to the Android platform. More specifically, Remote Help for Android. Remote Help on itself is nothing new, as it was already introduced a while ago for Windows devices, but it is new for Android devices. Starting with the latest service release of Microsoft Intune (service release 2308), Microsoft introduced support for Remote Help on Android devices. More specifically, support for Remote Help on Android Enterprise dedicated devices. And even more specifically, only Samsung and Zebra devices. That enables IT administrators to provide remote support to users on Android Enterprise dedicated devices, by simply starting a screen sharing session or asking for full control. This post will start with a short introduction, followed with the steps to get Remote Help working for …

Read more

Quick tip: App inventory for corporate-owned Android Enterprise devices

This week another short post. Not just because I missed blogging during my vacation, but mainly to create awareness for a very interesting and often requested feature. That feature is the app inventory for corporate-owned Android Enterprise devices. Until recently the app inventory was not available for corporate-owned Android Enterprise devices, but that has changed. With the recent Microsoft Intune service release (2307), Microsoft has now made some changes to app management and app inventory. Those changes are actually triggered by Google, as Google has started deprecating features and methods of the Google Play EMM API. And even though there are alternatives within that API available, the general advise is to move to the modern Android Management API. That’s exactly what Microsoft is doing and …

Read more

Quick tip: Adding custom support information to corporate-owned Android Enterprise devices

This first post after my vacation is a quick tip about adding custom support information to corporate-owned Android Enterprise devices. Custom support information enables IT administrators, to customize the short message that is shown when users try to change a setting that is managed by the organziation, to customize the long message that is shown when looking at more information about the short message, and to show information on the device lock screen. Especially the latter customization can be useful for showing some specific information to the user about the device. Think about easily providing the user access the (management) name of the device, or the serial number of the device. This post will walk through the configuration options, followed with the user experience. Configuring …

Read more

Organizing Managed Google Play apps with collections

This week is all about a smaller newly introduced feature regarding Android Enterprise. A feature that helps with organizing the Managed Google Play apps within the Managed Google Play store. When structure and details are important, this is that sweet little detail that makes it perfect. Starting with the latest service release of Microsoft Intune (service release 2211), there is now support for organizing apps within the Managed Google Play store by using collections. Collections are shown on the front page of the Managed Google Play store and provide users with easy access to the required apps. Collections can be used to organize apps in different categories. Custom categories. It’s completely up to the IT administrator to create collections, to name collections, to add apps …

Read more

Using Microsoft Defender for Endpoint on Android for protecting the personal profile

This week another post about Microsoft Defender functionality, but on a completely different platform. This week is all about using Microsoft Defender for Endpoint, on Android devices, for protecting the personal profile. And for now, specifically focused on personally owned devices. That protection functionality is focused on providing users with the same level of protection in their personal profile, as provided in their work profile. It provides users – within their personal profile – with malware scanning on user-installed apps, protection from malicious URLs, network protection, and privacy controls. That provides users with better protection and organizations with more control on which devices are allowed to have access to company data. This post will mainly focus on the configuration of that additional protection of the …

Read more

Common Criteria Mode for corporate-owned Android Enterprise devices

This week something completely different compared to the last few weeks. While the last last few weeks were all about the great simplicity of Windows 365 Enterprise, this week is all about Android Enterprise. Different platform, theoretically possibly the same device. With the introduction of Android 11 (API level 30), some nice new features were introduced for enterprises. That includes the addition of the Common Criteria (CC) Mode. CC Mode already exists for a few years for Samsung Knox devices and – in combination with Microsoft Intune – already could be configured by using OEMConfig (with the KSP app), but is now available by default within Android Enterprise. Even better, with one of the latest service releases (2207) of Microsoft Intune that can now be …

Read more

Welcome to the still growing Android device management jungle: A summary

The second short post of this week is another extension of one of my sessions at the Workplace Ninja Summit 2022. At the summit I did my second session about Welcome to the still growing Android device management jungle. During that session I shared information around the still growing device management options for Android devices, pointers that can help with making the right decisions and information around the different configuration options. This post will provide a quick summary of that session by going through the different management options, providing important differences and summarizing the main configuration capabilities. The slides (PDF) of that session are available for download here. Android (device) management options When looking at the Android (device) management options, there are many options. And the number …

Read more

Addressing the need for multiple Microsoft Tunnel Gateway servers

This week will focus on addressing the need for multiple Microsoft Tunnel Gateway servers. A single server is easy to setup, and easy to discuss and to describe, but that just a starting point. Often there is a need for multiple Microsoft Tunnel Gateway servers. That could be for providing high availabilty, for supporting the right amount of users and even for providing access to resources on different remote locations. So, it can be multiple servers on the same location and multiple servers on different locations. This post will go through the main scenarios for multiple servers and will focus on the main configurations that should be in place to support and configure those scenarios. No detailed configurations this time. Only descriptions of the main …

Read more

Using Microsoft Tunnel for per-app VPN

This week is another mobile focused blog post. This week is al around Microsoft Tunnel. More specifically, this week is all about using Microsoft Tunnel for providing per-app VPN on iOS/iPadOS devices and Android devices. Per-app VPN enables organizations to only allow specifically configured apps to use the configured VPN tunnel. So, not simply pushing all traffice through the VPN tunnel, but only the traffic of specific apps. That provides a solid method for providing access to on-premises resources for only the apps that really need it. This post will start with a quick summary of what should be in place, followed by going through the important per-app VPN specific configurations. Those configurations slightly differ per platform. This post will end by showing the user …

Read more