Intune announcing public preview for Android Enterprise corporate-owned devices with a work profile

by Scott Muniz | Jul 17, 2020 | Uncategorized

This article is contributed. See the original author and article here.

By: Shanthi Thillairajah | PM | Microsoft Endpoint Manager – Intune

Microsoft Endpoint Manager – Intune support for Android Enterprise corporate-owned devices with a work profile is now in public preview! You can start enrolling devices here in the Microsoft Endpoint Manager admin center. Corporate-owned devices with a work profile is one of the corporate management scenarios in the Android Enterprise solution set. This corporate-owned, personally-enabled (COPE) scenario offers separation between work and personal profiles, similar to that offered for personally–owned work profile devices, while giving admins more device-level control. IT admins can see, control, and configure the work accounts, applications, and data in the work profile, while end users are guaranteed that admins will have no visibility into the data and applications in the personal profile. This scenario is targeted at organizations that wish to enable personal use on corporate-owned single-user devices that they have provided for work. This management scenario is available for Android 8+ (Oreo and higher) devices.

What is available in the first preview release?

This preview release is intended to demonstrate the corporate-owned work profile capabilities that we have built so far. We hope to gather feedback and iterate on the design and functionality before the end-to-end scenario becomes generally available in the Microsoft Endpoint Manager admin center. The following features are included in today’s preview:

• Enrollment: Create multiple enrollment profiles with unique tokens that do not expire. This includes device enrollment using NFC, token entry, QR code, Zero Touch, or Knox Mobile Enrollment.  
• Device Configuration: A subset of the existing settings for fully managed and dedicated devices. 
• App Management: App assignments, app configuration, and associated reporting capabilities. Support for app protection policies will be added in a subsequent preview update.  
• Device Compliance: The compliance policies that are currently available for fully managed devices.  
• Device Action: Delete device (factory reset), reboot device, and lock device are available. 
• Conditional Access: The conditional access capabilities that are currently available for fully managed devices. 
• Resource Access: Certs, Wi-Fi, and VPN. Support for PFX Create is not available in this preview. 
• MTD Support: Admins can push MTD apps to the work profile.

What features are in development?

We are continuing to develop several other features while we collect feedback on this preview. We anticipate adding in the features below in subsequent preview updates prior to general availability. This post will be updated when these features are available in public preview:

• Support for app protection policies (APP, also known as MAM). 
• Personal usage policies – these settings will configure the personal side of the device, including disabling camera and screen capture on the personal side. 
• Work profile password configuration – these settings will create requirements for the work profile password. Device password configuration will be available in the initial preview release. 
• Password reset device action for the work profile. 
• Filter fully managed, dedicated, and corporate-owned work profile devices separately.

Device Enrollment

Intune admins can enable enrollment for this scenario by selecting the “corporate-owned devices with a work profile” enrollment tile (indicated with the red arrow below). Admins can create multiple enrollment profiles with unique tokens that do not expire.

Enrollment Profiles | Corporate-owned devices with work profile (Preview)

End User Enrollment

There are new screens in the end user enrollment flow that help inform the user about the functionality of the work profile and personal profile on the device. Here are some examples of the screens:

Figure 1. Setting up your work profile  Figure 2. Setting up your work profile

Next, there are screens that will guide your end user through setting up admin requirements like creating a device password, installing work applications, and registering the device. After a successful enrollment, the user should see two sections labeled work and personal after they swipe up to see their full application list.

Figure 3. Setting up your work profile  Successful enrollment

Device Configuration

You can create device configuration profiles to assign to corporate-owned devices with a work profile to disable device features, assign certificates, or configure VPN.

To create a device configuration profile, select a profile under the “Fully Managed, Dedicated, and Corporate-Owned Work Profile” category shown below. Device configuration profiles in this category can be applied to fully managed, dedicated, and corporate-owned work profile devices.

Create a profile – Device configuration profile

Some of the settings in the Device Restrictions profile do not apply to corporate-owned devices with a work profile; however, there are headers under each setting category that indicate which device types a particular setting can be applied to. Below is an example of these headers used in the Users and Accounts category.

Device restrictions profile – Users and Accounts

Some settings only apply at the work-profile level for corporate-owned devices with a work profile. These settings still apply device-wide for fully managed and dedicated devices. They are marked with the “work profile-level” descriptor in the setting name, as shown in the example below.

Device restrictions profile – Applications

Device Compliance

The compliance settings that are available for fully managed and dedicated devices will be applicable to corporate-owned devices with a work profile for this preview. To create a compliance policy, admins should select “Android Enterprise” as the platform and “Fully managed, dedicated, and corporate-owned work profile” as the policy type.

Create a policy – Device compliance policy

App Management

IT admins can deploy apps and utilize app configuration for corporate-owned devices with a work profile as a part of this preview release. To create an app configuration policy for managed devices, admins should select “Android Enterprise” for the platform and “Fully Managed, Dedicated, and Corporate-Owned Work Profile” for the profile type.

Create a policy – App configuration policy

As referenced above, there is no support for app protection policies (APP, also known as MAM) in this preview release.

Customer Support for This Preview

The available preview features are fully supported through our Intune support channels.

Known Issues

There is a known issue with being able to enforce a device-wide password. End users have the ability to get around device password requirements on corporate-owned devices with a work profile, regardless of admin policy. This happens when a user turns off the “use one lock” setting on their device which enables setting separate work profile and device passwords. This effectively allows the user to turn off device password and only use a work profile password with the requirements that the admin set for device password. We are working to address this issue in an upcoming release.

How Can You Reach Us?

As you validate and build out the Android Enterprise corporate-owned devices with a work profile preview scenarios, we would appreciate your feedback on IT admin’s device configuration and end-user’s device enrollment experiences. Keep us posted on your Android experience through comments on this blog post, through Twitter (@IntuneSuppTeam), and request any new features on UserVoice.

Android Enterprises Resources

For information about the new privacy protections on company-owned devices, refer to Google’s blog post.

Documentation

• Set up Intune enrollment of Android Enterprise corporate-owned devices with work profile
• Enroll your Android Enterprise dedicated, fully managed, or corporate-owned with work profile devices
• Android Enterprise device settings to allow or restrict features using Intune
• Android Enterprise settings to mark devices as compliant or not compliant using Intune

Guiding the next gen of women tech leaders in rural India

by Scott Muniz | Jul 17, 2020 | Uncategorized

This article is contributed. See the original author and article here.

“Challenges are the biggest opportunity that will help you learn and grow,” says Alagunila Meganathan, a 4-time MVP awardee for Azure.

Alagunila hails from the remote village of Rasipuram – whose name originates from Rasi which means “constellation” in many Indian languages – about 350 kilometres from Chennai (Madras) in the southern state of Tamil Nadu in India. And from that constellation emerged a bright tech star glowing with aspirations to empower thousands of young women to follow their tech passions.

Alagunila, who is fondly known as Nila, started her career as a college professor in the Department of Master of Computer Applications. A dual postgraduate degree holder in Computer Engineering and Computer Applications, Nila understands the difficulties of overcoming remote locations more than most.

India is a melting pot of geological terrains and languages where the landscape and linguistics change every 100 kilometres. Yet, the urge for knowledge and empowerment couldn’t keep this MVP from emerging as a community leader and inspiring others to adapt to the challenges successfully.

Nila has since become an idol for the budding female tech aspirants in the community she influences. She started her journey by spreading awareness about hackathons, bootcamps, meetups and other national and international tech events. Nila, in working to spread the experience of such activities, soon connected with other like-minded MVPs to support college girls to attend events in cities like Delhi, Pune, Mumbai, Hyderabad, Cochin, Trivandrum, Bangalore and Chennai. 

Travelling to such events would involve multiple days of transit across various modes of public transport, meaning hopefuls would need to cover their expenses as well as accommodation and food. Added to this was the cultural nuances of allowing young girls to travel alone with strangers away from their homes for the sake of imbibing knowledge and experience. Sometimes, families sometimes simply could not afford the expenses nor the risk involved.

So, Nila and team assisted some girls by sponsoring part of their expenses as well as exposing the tech aspirants to the opportunities of being a part of the industry. This, along with the mentorship given in speaking and writing, provided immense confidence for the girls entering the industry and during early employment. 

In view of the challenges, Nila with the help of fellow MVPs set up a dedicated community Microsoft DEV. Geeks (part of the Global AI Community) for students from rural locations. The sessions were delivered in the local language to help better understanding of the concepts and build familiarity and warmth within the community.

To overcome the challenge of finding a central venue for the meetups, the team collaborated with companies to provide convenient venues which were easily accessible by public transport. This initiative started with 35 participants and slowly grew to more than 100. Soon running out of available space, the young students would stand outside the venue or employ makeshift chairs to ensure they could continue their learning journey.

Following the sessions, the experts then joined the students for lunch on the roof. This post-session exercise became an integral part of the learning process with Lunch & Learn with Microsoft MVPs. The team continued to encourage participation with multi-language sessions, social media interaction, student feedback integration, and event invitation through the Global AI Community groups page.

Not to be deterred by the pandemic, Nila and seven other MVPs – hailing predominantly from cities like Coimbatore, Cochin, Madurai, Salem, Thiruvananthapuram, Ooty and others – started a webinar series of rural upskilling called Learn with Microsoft MVPs. 

Between them, the MVPs use their expertise in Azure, Developer Technologies, and Office Applications & Development to teach students not only in India but from countries like Italy and Australia.

Online and offline, Nila believes in knowledge being the true metric of success. Therefore, she continues to follow her pursuit of knowledge by sharing more and meeting new people.

Nila advises young graduates by using her own journey of challenges and successes as an example.

A true community leader, Nila mentors young aspirants to find their preferred tech platform and continue their journey as a ‘techie’ in any city of their choice. Location, as evidenced by Nila, is secondary – the most important part is finding your passion and pursuing it.