Google apps dont have access to users account & training options

HKP
Level 2.0: Eclair

A bit of background to use 1st, we have only ever used the Device Administrator to manage our company owned phones and use an Intune licence.

I want to start using Android Enterprise but I've not as yet had any training so this is all new to me.
Ideally, we want to use Fully Controlled Devices for our Company owned devices and Work Profiles for those users using their own device. Which I am sure is quite common practice.

So I have had a play and not yet got anywhere with Fully Controlled Devices but have got Work Profiles setup and working to an extent. However, one stumbling block is that the Google apps, Docs, sheets, Drive etc. show no data from the user’s account. Apps like MS Outlook work just fine.
Could someone be kind enough to point me in the right direction on this?

Also, what training sources would people recommend? We are a State Education environment, so have a very limited budget as per usual. 

Thank you

4 ACCEPTED SOLUTIONS

jasonbayton
Level 4.0: Ice Cream Sandwich

Hi there @HKP 

For training you can take a look at the Android Enterprise academy, androidenterprise.training

You may also benefit from the AE docs - support.google.com/work/android

 

And if you'd like further reading, I also offer hundreds of articles on my site - bayton.org/android

 

To your questions - 

For fully managed devices, you'll need to start from a factory-reset state. When you configure fully managed user devices (I assume?) you'll be provided a QR code by Intune to scan. You can tap 6x on the welcome screen of all modern android devices to initiate the QR reader, and that should kick off the process.

 

For Google, you'll need to allow users to add their Google accounts on the devices. By default Intune will provision a generic managed Google Play account that is not associated with the user directly. If you're a Google Workspace customer with advanced Android management, you'll have further options that may save you on intune licenses too.

 

Hopefully that gets you started?

View solution in original post

jasonbayton
Level 4.0: Ice Cream Sandwich

There isn't a wallpaper API accessible to Intune. I don't have a console available to verify but I should think this is more directed at the Microsoft Managed Launcher than generic homescreen. Can you verify?

View solution in original post

jasonbayton
Level 4.0: Ice Cream Sandwich

It's a great solution for on-device customisation you wouldn't otherwise have, and behaves well for kiosk deployments as well as just offering a consistent, unified Android home experience irrespective of OS or OEM you may be deploying 🙂

View solution in original post

jasonbayton
Level 4.0: Ice Cream Sandwich

This'll go well as a standalone topic 🙂

 

I imagine for your use case setting up conditional access policies would help here in addition to app protection policies. Conditional access is pretty aggressive in ensuring devices meet requirements frequently - at least on Android - and should help.

View solution in original post

13 REPLIES 13

jasonbayton
Level 4.0: Ice Cream Sandwich

Hi there @HKP 

For training you can take a look at the Android Enterprise academy, androidenterprise.training

You may also benefit from the AE docs - support.google.com/work/android

 

And if you'd like further reading, I also offer hundreds of articles on my site - bayton.org/android

 

To your questions - 

For fully managed devices, you'll need to start from a factory-reset state. When you configure fully managed user devices (I assume?) you'll be provided a QR code by Intune to scan. You can tap 6x on the welcome screen of all modern android devices to initiate the QR reader, and that should kick off the process.

 

For Google, you'll need to allow users to add their Google accounts on the devices. By default Intune will provision a generic managed Google Play account that is not associated with the user directly. If you're a Google Workspace customer with advanced Android management, you'll have further options that may save you on intune licenses too.

 

Hopefully that gets you started?

HKP
Level 2.0: Eclair

Hi Jason
Thanks for you post and information. I will have a read through the docs and have signed up for the Academy. 

I hadn't heard of the x6 tap before, so that has been particularly helpful.

 

Kind regards,
Darryl

Moombas
Level 4.1: Jelly Bean

jasonbayton
Level 4.0: Ice Cream Sandwich

androidenterprise.training! 😁

Moombas
Level 4.1: Jelly Bean

I thought it was something different you linked to. Didn't click your link just compared the link text with mine 🤣

HKP
Level 2.0: Eclair

Thanks to all that have helped so far. 

I've made pretty good progress, but one thing I'd like to do is to set the wallpaper of our devices with a corporate image. I have saved this to a Google Drive and made it accessible by anyone but the policy does not seem to apply. 
I have made a Configuration Policy for Android Enterprise, Policy Type is Device restrictions and pointed it to the image and also one on a public website but it does not apply to the Corporate owned, fully managed user device. The policy applies to All users and All devices.
Is there something I am missing, please?

jasonbayton
Level 4.0: Ice Cream Sandwich

There isn't a wallpaper API accessible to Intune. I don't have a console available to verify but I should think this is more directed at the Microsoft Managed Launcher than generic homescreen. Can you verify?

HKP
Level 2.0: Eclair

Ah! Yes if I install MS Launcher and set that as the default, then that works...
Assume MS Launcher is fairly commonly used so that you can do things like setting the wallpaper?

jasonbayton
Level 4.0: Ice Cream Sandwich

It's a great solution for on-device customisation you wouldn't otherwise have, and behaves well for kiosk deployments as well as just offering a consistent, unified Android home experience irrespective of OS or OEM you may be deploying 🙂

HKP
Level 2.0: Eclair

Appreciate that this is an Android forum, but as people on here have been so helpful I thought I'd ask in here..
I have a question over managing iOS Personally owned devices. I have spent a couple of days trying different ways to no avail.

We need to be able to secure data held on personally owned iOS devices, I can enrol the device absolutely fine using Enrolment type "User enrolment with Company Portal", despite my best efforts I cannot find a way to remove Outlook data when the device is no longer managed, whether done by deleting the device out of Endpoint or if the user does that on their own device. Outlook data stays there. The app is also set to uninstall on device removal but again this does not happen.
I have tried creating an "App protection policy" for Outlook, but after selecting the Outlook iOS app , I cant see a setting to remove data in ant of the following steps.

Any pointers greatly received.
Thanks.

jasonbayton
Level 4.0: Ice Cream Sandwich

This'll go well as a standalone topic 🙂

 

I imagine for your use case setting up conditional access policies would help here in addition to app protection policies. Conditional access is pretty aggressive in ensuring devices meet requirements frequently - at least on Android - and should help.

HKP
Level 2.0: Eclair

Yes, my apologies...

I should have started a new topic. When I go to Endpoint security, Conditional access, the option to create in there is greyed out as we don't have Microsoft Entra ID premium though. As a College run by government, this isnt something we are able to purchase at present.