Friday, 15 August 2025

Set up Intune to deploy and manage apps for Android

         

 

Set up Intune to deploy and manage apps for Android

Microsoft Intune is a cloud-based service that enhances data protection by managing devices and apps through mobile device management and mobile application management. It secures both organization and personal devices at the app level, protecting data even on non-enrolled devices.

How to manage and secure managed and unmanaged devices:

  • Google Play app configuration.
  • App protection policy creation and management.
  • Validate and manage data.
  • Monitor apps.

 

There are two types of devices to setup:

·         Managed Devices

·         Unmanaged Devices

How to Deploy applications and push configurations to the device

Device prerequisites:

Review managed Google Play connection

Required

Review Android OS requirements

Required

Meet Intune Network requirements

Required

Ship Android OS with Google Mobile Services (GMS) package

Required

Ensure Android Enterprise Service availability

Required

Set your tenant's mobile device management authority to Intune

Required

Assign Intune licenses to users

Required

Have users install the Company Portal App (no sign-in required)

Required

Set Google Zero Touch enrollment

Optional

Set Samsung Knox Zero Touch enrollment

Optional

 

Review managed Google Play connection:

Due to interaction between Google and Microsoft domains, you might need to adjust your browser settings to complete this process. Make sure that portal.azure.com, play.google.com, and enterprise.google.com are in the same security zone in your browser.

 

Review Android OS requirements:

Use user-less management methods on Android 8.0 and later devices. These methods are:

  • Android Enterprise dedicated
  • AOSP user-less

Set your tenant's mobile device management authority to Intune:

The mobile device management (MDM) authority setting is crucial for managing devices. As an IT admin, you need to set up an MDM authority before users can enroll devices for management. You must have an Intune license to set the MDM authority.

To set MDM authority

  1. Sign in to the Microsoft Intune admin center.
  2. If you haven't set the MDM authority yet, an orange banner will appear. Select it to open the Mobile Device Management Authority setting.
  3. Under Mobile Device Management Authority, choose Intune MDM Authority and confirm your selection.

https://intune.microsoft.com/#view/Microsoft_Intune_Enrollment/ChooseMDMAuthorityBlade

 

Assign Intune licenses to users:

To assign user and group licenses, follow these steps:

  1. Sign in to the Microsoft 365 admin center.
  2. Go to Billing and Licenses tab, and assign Intune licenses to the required users or groups

 

Configure managed devices:

Complete these tasks to enable Android Enterprise management options in the Intune portal:

·         Connect Intune to Managed Google Play

·         Manage Google Play apps

·         Assign apps to groups in Intune

·         Assign a Managed Google Play app

·         Update a Managed Google Play app

 

 

Connect Intune to Managed Google Play:

 

To manage devices enrolled in Intune with any of the supported Android Enterprise management options, you must connect your Intune tenant to your Managed Google Play account.

Get started

  1. Sign in to the Intune admin center.
  2. Go to the Devices tab, and under Device onboarding, select Enrollment.
  3. Select the Android tab.

  1. Under Android Enterprise >Prerequisites, select Managed Google Play.
  2. Under I grant Microsoft permission to send both user and device information to Google, select I agree.
  3. Select Launch Google to connect now to open the Managed Google Play website. The website opens on a new tab in your browser.
  4. On the Google sign-in page, confirm that the prefilled Microsoft Entra account is the account you want to associate with all Android Enterprise management tasks for this tenant.
    1. Add account. You can add an account with the proper license to perform the sync.
    2. Email confirmation. To perform the connection, the account must have a valid email account.
  5. Follow the onscreen prompts to finish creating a Google admin account.
  6. When prompted, select Allow and create account to allow Intune to manage your Android Enterprise devices.

 

 

Manage Google Play apps:

You can link your accounts in the Intune admin center after you connect to Google Play.

 

Get started

Complete these steps to add a Managed Google Play app directly in the Intune admin center.

  1. Sign in to the Intune admin center.
  2. Select Apps > All apps, and then select Add.
  3. In the Select app type pane, under the available Store app types, select Managed Google Play app.
  4. Select the Select button. The Managed Google Play app store is displayed.
  5. Select an app to view the app details.
  6. Choose Select to select the app.
  7. Select Sync at the top of the blade to sync the app with the Managed Google Play service.
  8. Refresh to update the app list and display the newly added app.

 

 

 

Assign apps to groups in Intune:

 

After you've added an app to Intune, you can assign the app to users and devices. You can deploy an app to a device whether or not the device is managed by Intune.

Get started

Follow these steps to assign apps to groups:

  1. Sign in to the Intune admin center.
  2. Select Apps, then select All apps.
  3. In the Apps pane, select the app you want to assign.
  4. In the Manage section of the menu, select Properties.
  5. Scroll down to Properties and select Assignments.
  6. Select Add Group to open the Add group pane that is related to the app.
  7. For the specific app, select an Assignment type:
    1. Available for enrolled devices. Assign the app to groups of users who can install the app from the Company Portal app or website.
    2. Available with or without enrollment. Assign this app to groups of users whose devices aren't enrolled with Intune. Users must be assigned an Intune license. For more information, see Microsoft Intune licensing.

If you deploy an Android app as "Available for enrolled devices," reporting status will be available only on enrolled devices.

    1. Required. The app is installed on devices in the selected groups. Some platforms may have additional prompts for the user to acknowledge before app installation begins.
    2. Uninstall. The app is uninstalled from devices in the selected groups if Intune has previously installed the application onto the device via an "Available for enrolled devices" or "Required assignment" using the same deployment.
  1. To select the groups of users that are affected by this app assignment, select Included Groups.
  2. After you have selected one or more groups to include, select Select.
  3. In the Assign pane, select OK to complete the included groups selection.
  4. If you want to exclude any groups of users from being affected by this app assignment, select Exclude Groups.
  5. If you have chosen to exclude any groups, in Select groups, select Select.
  6. In the Add group pane, select OK.
  7. In the app Assignments pane, select Save.