Migrate Android devices from device administrator to work profile management

Android Enterprise

Since Android version 2.2. Android Device Administrator was used to manage Android devices. If you`re using Microsoft Intune to manage Android devices, you might also use Device Admin to manage your devices. But Device Admin is marked as deprecated by Google and Google is decreasing Device Admin support on new Android releases.
A new management solution was already introduced by Google in Android 5.0, Android Enterprise, with improved management functionality. Because of these changes it`s time to migrate Android devices from Device Administrator to Android Enterprise Work Profile (or Fully managed).

In this blog post I show the steps to make the migration process for the end-user as easy as possible.

Microsoft made a new setting available to mark an Android Device Admin device not compliant. As soon as the end-user devices is marked as not compliant by this setting, this is shown in the Company Portal app like it always was, but when the user this time clicks on Resolve on the Update device settings page, a migration process is started to migrate the device to Android Enterprise Work Profile.
Besides that, you can also automatically send the user an email notification with explanation about the migration proces and mention the migration URL (The URL will launch the Android Company Portal to the Update device settings page).

Configure the Compliance Policy

I assume you already have an existing Compliance policy for Android Device Admin, otherwise create one.

  • Sign-in to the Device Management Portal
  • Browse to DevicesAndroid
  • On the Compliance Policies tab open the Device Admin policy
  • Browse to SettingsDevice Health
  • Set Devices managed with device administrator to Block
  • Click OK (twice) – click Save

This is all to mark Device Admin devices as non-compliant and make the migration flow available for your end-users.

Configure Compliance Policy notifications (optional)

Optional you can automatically send an email to the end-user by following these steps.

  • Browse to DevicesCompliance Policies
  • On the Notifications tab click Create notification
  • Enter a Name
  • Enter a Subject
  • Enter a Message and refer to the URL https://portal.manage.microsoft.com/UpdateSettings.aspx
  • Click Next
  • Click Create
  • Browse to DevicesAndroid
  • On the Compliance Policies tab open the Device Admin policy
  • Browse to Actions for noncompliance
  • Click Add
  • Choose Send email to end user from the drop-down list
  • Click Message template
  • Select the previous create Email notification
  • Click Select
  • Click Add – Click OK
  • Click Save

The Compliance policy is set, everything is ready for the new migration flow.

End-user experience

My device is marked as compliant before changing the Compliance policy.

As soon as I change the Compliance policy and my Android device is synced with Intune, it is marked as Not in compliance.

If also set a notification in the policy, the user should also receive an email.

When you click on the message You need to update settings on the device in the Company portal app, Update device settings is opened.
Click on Resolve to start the migration process.

The user is informed of the migration steps.
Click Begin.

Take not of the information and click Begin.

The old management profile is removed.
Click Continue.

After these steps the enrollment to Android Enterprise Work Profile is started.
Click Continue.
Screens might be different for you, depending on policies set in your Intune tenant, differences per Android version and Android vendor.

The Work profile is created, several different screens are shown.

The Work profile is created, click Continue.

The Work profile is activated, policies applied.
Click Done.

The end-result is an Android device managed with Android Enterprise Work Profile.

If you`d like to read more about managing Android devices with as Work Profile devices, I suggest to read this post.

Thank you for reading!




Be the first to comment

Leave a Reply

Your email address will not be published.


*