Hi, I noticed that to complete the configuration you need to login with the microsoft account of the user who has to use the device. There is a way to skip the step or use an administrator account and then assign the device with INTUNE. Otherwise I need to always call the user to whom I have to assign the device every time I reset the device...
Hello and thanks for your comment. Intune offers no native way to 'skip the user sign-in' step. There are provisioning tools such as Samsung Knox Mobile Enrolment and its counterpart Android Zero Touch. These tools offer options to customise the enrolment workflow and inject pre-determined information, like autofill the user's UPN etc. Hopefully that helps.
Hello , thank you for this video , can i for the first Logon with my microsoft admin account and then for the second logon on Intune App with user Account??? , i want to configure the android Device and then i give it to User only to log on the Intune App, i don't want to give the QR code to Users . Thanks.
Hi, When I enroll my device in the 'Company Portal' I get the error message 'lock to app mode has been turned on' - How do I get past this point, the device won't enroll. Thank you
Hello and thank you for your comment. I advise to check configuration in Intune to ensure the enrolment type is correct. Which Android Enterprise enrolment type are you wanting to use?
Hi and thanks for your comment. The launcher should only be applied when the Managed Launcher app and accompanying policy are deployed. Believe this video tutorial doesn't touch on that aspect. Both E3 and F3 are suitable licensing subscriptions for Microsoft Intune.
Make sure a password policy is defined and assigned before enrolment. If true, Android will prompt the user through the tray notifications to set a password. iOS will prompt the user through an on-screen prompt. Hope this helps.
Is it possibly to enrol devices that are already setup but not through a personally owned profile. I have downloaded the company portal app and tried to enrol the device, but it only enrols it personally and not fully managed. I have a fleet of a thousand+ devices that we need to enroll in Intune but we don't want to have to wipe them in order to enrol them fully managed into Intune.
Hello Liam and thanks for your comment. Unfortunately as with limitations of Android, to achieve Full device management or indeed Corporate Owned Work Profile can only be invoked after factory reset.
Once you get the phone enrolled, how you do you get a managed app to be (automatically or manually) installed on the managed phone? No matter what I try, I can't get the app I put on azure to show up on the managed phone.
Hi @Jay Zech thanks for your comment. I recommend you follow our help guides for managing Android. Start with integrating Managed Google Play store and then add & assign a Managed Google Play app. Both articles can be found on our guides knowledge base. guides.uemauthority.com/article-categories/intune-manage-android/
@@uemauthority Hi, Do you have guides for android 7 or android 6 to do Android for Work enrollment? Thanks! (I got all our Android 11 devices enrolled thanks to your help. Thank you!)
Unfortunately I do not. Though I must advise, for security and platform continuity purposes, Android 6 and 7 ideally should not be permitted to enrol. Said platform versions are simply insecure and out of date.
Is there a way for me to restrict what mobiles can enrol in a COBO enrolment. For example if I want to deny phones that are below Android v11 from enrolling can I stop them but allow anything over v11
It's possible in this scenario to use Device Platform Restrictions policy with a minimum OS version set for Android Enterprise. The policy would need to sit independently to the default policy and be assigned to the dynamic Azure AD group where you have configured COBO device to land. Hope this helps.
Hi, I noticed that to complete the configuration you need to login with the microsoft account of the user who has to use the device. There is a way to skip the step or use an administrator account and then assign the device with INTUNE. Otherwise I need to always call the user to whom I have to assign the device every time I reset the device...
Hello and thanks for your comment. Intune offers no native way to 'skip the user sign-in' step. There are provisioning tools such as Samsung Knox Mobile Enrolment and its counterpart Android Zero Touch. These tools offer options to customise the enrolment workflow and inject pre-determined information, like autofill the user's UPN etc. Hopefully that helps.
Hello , thank you for this video , can i for the first Logon with my microsoft admin account and then for the second logon on Intune App with user Account??? , i want to configure the android Device and then i give it to User only to log on the Intune App, i don't want to give the QR code to Users .
Thanks.
What was the code AFW#set up, and how can we get it?
Hi, When I enroll my device in the 'Company Portal' I get the error message 'lock to app mode has been turned on' - How do I get past this point, the device won't enroll. Thank you
Hello and thank you for your comment. I advise to check configuration in Intune to ensure the enrolment type is correct.
Which Android Enterprise enrolment type are you wanting to use?
@@uemauthority Corporate-owned, fully managed user devices.
how to exit from launcher? and what license is needed for the user(e3 or f3)
Hi and thanks for your comment. The launcher should only be applied when the Managed Launcher app and accompanying policy are deployed. Believe this video tutorial doesn't touch on that aspect.
Both E3 and F3 are suitable licensing subscriptions for Microsoft Intune.
Hi, why once your device was enrolled, the intune app didn't ask you to choose a psw or a pin ?
Make sure a password policy is defined and assigned before enrolment. If true, Android will prompt the user through the tray notifications to set a password. iOS will prompt the user through an on-screen prompt. Hope this helps.
Is it possibly to enrol devices that are already setup but not through a personally owned profile. I have downloaded the company portal app and tried to enrol the device, but it only enrols it personally and not fully managed. I have a fleet of a thousand+ devices that we need to enroll in Intune but we don't want to have to wipe them in order to enrol them fully managed into Intune.
Hello Liam and thanks for your comment. Unfortunately as with limitations of Android, to achieve Full device management or indeed Corporate Owned Work Profile can only be invoked after factory reset.
Once you get the phone enrolled, how you do you get a managed app to be (automatically or manually) installed on the managed phone?
No matter what I try, I can't get the app I put on azure to show up on the managed phone.
Hi @Jay Zech thanks for your comment. I recommend you follow our help guides for managing Android. Start with integrating Managed Google Play store and then add & assign a Managed Google Play app. Both articles can be found on our guides knowledge base. guides.uemauthority.com/article-categories/intune-manage-android/
@@uemauthority Hi,
Do you have guides for android 7 or android 6 to do Android for Work enrollment? Thanks!
(I got all our Android 11 devices enrolled thanks to your help. Thank you!)
Unfortunately I do not. Though I must advise, for security and platform continuity purposes, Android 6 and 7 ideally should not be permitted to enrol. Said platform versions are simply insecure and out of date.
Is there a way for me to restrict what mobiles can enrol in a COBO enrolment. For example if I want to deny phones that are below Android v11 from enrolling can I stop them but allow anything over v11
It's possible in this scenario to use Device Platform Restrictions policy with a minimum OS version set for Android Enterprise. The policy would need to sit independently to the default policy and be assigned to the dynamic Azure AD group where you have configured COBO device to land. Hope this helps.
@@uemauthority Is there a guide anywhere ob how to do this?
@@jongibbons9028 No specifically for this scenario. Please email me directly and I'd be happy to provide further guidance.