First let me start of by saying that almost all android phones are different in respect to enrollment. These screenshots are taken on a Sony Device. The most complicated part with Android is that the End User have to fix the compliance settings yourself.
How good are your users?
e.g. as seen here the end user need to set the pin-code him/herself to be compliant. Make sure that your users can do this themselves before you start.
Picture by picture guide
Here is how you as a end user will experience Intune in your organization
If you need device info, the Intune MDM agent will pull information from the device and display some of it here in the general info tab just right to the health status
There are many different Android phones out there. They all provide info to Intune MDM differently. Here Sony is not able to convey the OS name correctly to Intune.
In the device list you can see and sort the list of devices on most of the general information.
When the end user enrolled this Sony Android Device he was prompted to group his device himself into a group. This group is displayed here. I have named this group myeself in the Intune portal. You could name it anything other than personal if you want to.
Management channel should be set to intune or intune and EAS when your device is enrolled. We should also se the Compliant status. If it is not compliant, check your compliance policies in intune policy tab or make sure that you have made the device compliant e.g. enabled PIN or encryption/screen lock +++
If your device is not compliant it will be blocked from exchange when you run Conditional Access.
Microsoft Intune can not push out Group Policies onto computers, but we can target users or devices with scripts that change that setting in the registry.
Here is how you create a simple script that does just that.
echo A Script to set a Registry value using Windows Intune
REM registry key
reg add HKLM\Software\Policies\Microsoft\PassportForWork /f
reg add HKLM\Software\Policies\Microsoft\PassportForWork\ /v Enabled /t REG_DWORD /d 0 /f
if errorlevel 1 (
echo Error installing reg key
exit /b 1
) else (
echo Installed regkey
exit /b 0
Simply copy this script into a notepad file and then save it as PassportForWork.CMD right click and Run as Administrator to input the software policy where we set Passport for Work enabled as = 0 “Turn Off”
You must be logged in to post a comment.