UCPrimer
  • UCprimer
  • About

Preparing for AOSP Enrollment on Teams Android Devices

10/31/2024

0 Comments

 
Picture
In August this year Microsoft posted an important announcement in the M365 admin portal Message Center as MC665936 entitled "Device Management Changes for Microsoft Teams Android Devices". Microsoft is introducing a new method for managing Teams Android Devices, transitioning from the legacy Android Device Administrator to the Android Open Source Project (AOSP) Device Management. This migration is essential for leveraging new features and functionalities that enhance device management and security, and also because Google has deprecated the Device Administrator API since 2020. The migration will come in the form of a new firmware update to Microsoft Teams Android devices from ODM partners in 2024. The firmware update will move devices from Android device administrator to Android AOSP management. In this blogpost we provide a step-by-step guide on how to prepare the Intune environment for this upcoming migration.
Important
Note that MC665936 is not the same as other messages MC674247, MC726113 and MC902778 which are related to Intune ending support for Android device administrator on devices with GMS. Note that Teams Android devices do not use GMS and therefore are not impacted by these other notifications.

Preparation Steps
​The shift to AOSP Device Management is driven by the need for a more robust and flexible mobile device management (MDM) method. AOSP Management offers several advantages over the traditional Device Administrator, including better support for new features, improved security policies, and a more streamlined enrollment process. In preparation for the migration to AOSP, it is important to keep Device Administrator enrolment enabled until AOSP enrolment is released by both Microsoft and the ODM firmware. Below is a step-by-step guide on preparing the environment:

Step 1: Set Up New AOSP Management Enrollment Profiles
In the Intune Management Console:
  1. Select Devices > Enrollment > then Android.
  2. Under Enrollment Profiles, select Corporate-owned, user-associated device.
  3. Select Create policy.
Use the following settings for the profile configuration:
  • Name Give the profile a name like 'AOSP – Teams Devices'.
  • Description Put in a description so others in the organization know what this enrollment profile is used for. Use something like 'This AOSP Management enrollment profile is to allow Teams Android Devices to enroll in Intune'.
  • Token expiration date This defaults to 65 years into the future and is best left at 65 years to avoid policy expiration which would block enrollment.
  • Wi-Fi Select Not configured.
  • Microsoft Teams devices Select Enabled"
Picture
Step 2: Set Up AOSP Intune Configuration Policies
Although not mandatory, setting up configuration and compliance policies can enhance device functionality and security. These are not automatically migrated from Device Administrator and we need to re-create AOSP policies for device restrictions and compliance settings like device health, OS version, and data encryption. Teams Android Devices that are enrolled in AOSP Management support both Intune configuration policies and Intune compliance policies

Currently, the only supported configuration policy for Teams Android Devices enrolled with AOSP Management is the Device Restrictions profile and only the “block screen capture” restriction inside of that profile. Support for more configuration policies is planned in the future. To create AOSP Management Configuration Policies, in the Intune Management Console:
  1. Select Devices > Configuration.
  2. Select Create > New Policy.
  3. For Platform select Android (AOSP).
  4. Under Profile type select Device Restrictions, then select Create.
  5. Provide a name and description for the policy, then select Next.
  6. Under General set Block screen capture to Yes, then select Next.
  7. Assign this profile to all devices or an Entra ID group of devices, select Next, then select Create.
Picture
Step 3: Set Up AOSP Intune Compliance Policies
There's currently a limited set of supported compliance policies for Teams Android Devices enrolled with AOSP Management but more are planned for in future releases:
  • Device Health Rooted devices (Block).
  • Device Properties Minimum OS version.
  • Device Properties Maximum OS version.
  • System Security Require encryption of data storage on device.
​To create AOSP Management Compliance Policies, in the Intune Management Console:
  1. Select Devices > Compliance, then Create policy.
  2. Under Platform > Android (AOSP), then select Create.
  3. Provide a name and description for the policy.
  4. Select Next.
  5. Enable the desired compliance settings from the supported list.
  6. Select Next, then select Next.
  7. Assign this profile to all devices or an Entra ID group of devices.
  8. Select Next, then select Create.
Picture
What's next?
Now that the environment is prepared, the next phase is to wait for the release of AOSP capable firmware from ODMs for Teams devices. Until then, Device Administrator is still required and used for Teams devices signing-in to company portal for Teams.
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    UCPrimer

    Picture
    Picture
    Picture
    View my profile on LinkedIn

    Important Links

    Microsoft Teams Docs
    Microsoft Learn
    ​Microsoft MVP Blogs
    Michael Tressler’s Blog
    Michael’s MTR Quick Tip Videos
    Jimmy Vaughan’s Blog
    Jeff Schertz
    Adam Jacobs
    James Cussen
    ​Damien Margaritis

    Archives

    March 2025
    February 2025
    January 2025
    December 2024
    November 2024
    October 2024
    August 2024
    July 2024
    May 2024
    April 2024
    March 2024
    February 2024
    December 2023
    November 2023
    October 2023
    September 2023
    July 2023
    March 2023
    February 2023
    January 2023
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    June 2021
    April 2021
    March 2021
    December 2020
    October 2020
    September 2020
    August 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    March 2019
    November 2018
    October 2018
    September 2018
    August 2018
    June 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    August 2017
    July 2017
    April 2017
    March 2017
    February 2017
    January 2017
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    January 2016
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    September 2012
    August 2012

    Categories

    All
    Edge
    Exchange 2013
    Hybrid
    Lpe
    Lync 2010
    Lync 2013
    Mobility
    Oauth
    Office365
    Polycom
    Ucs

    RSS Feed

    This website uses marketing and tracking technologies. Opting out of this will opt you out of all cookies, except for those needed to run the website. Note that some products may not work as well without tracking cookies.

    Opt Out of Cookies