Microsoft Intune EMM Locks Down Specialized Android Devices

Administrators can now use the company's enterprise mobile management system to manage Android-based ticket scanners, point-of-sale systems and other specialized devices.

Businesses can now use Intune to control their single or limited-use Android devices. Intune is Microsoft's cloud-based enterprise mobile management (EMM) product and part of the company's Enterprise Mobility + Security suite, which also includes Azure Active Directory and Azure Information Protection.

Flexibility is one of the traits that users most value in phones and tablets. Apart from providing essential calling capabilities, an Android smartphone can serve as an email inbox, document scanner and collaboration tool, and fill countless other roles provided by mobile apps. It's a cornerstone of modern enterprise mobility.

But not all mobile devices deployed by businesses are meant to be multitaskers. Often, they are designed to perform specific roles, such as point-of-sale terminals at retail stores or ticket readers at entertainment venues. For those use cases, Microsoft has now added support for purpose-built Android devices to Intune.

"IT admins configure these corporate-owned devices to be used in locked-down environments, allowing only the app or apps necessary to complete the task, while preventing users from accessing settings, installing apps, or changing other device functions that could interfere with reliable operation," explained Microsoft representatives in a July 10 blog post.

Another perk, according to the software giant, is the freedom it gives enterprises to turn practically any type of Android phone or tablet into a single-function device that meets their needs while providing a consistent experience across the business.

To help organizations turn any stock Android phone or tablet into a specialized device, Intune provides unattended app installation and update capabilities, which come in handy when deploying and maintaining a fleet of kiosks and other unattended devices.

This is made possible by integration with the Google Play Store for managed enterprise accounts, which allows larger organizations to ship their Android-based equipment to remote offices and facilities without having to incur the cost of sending IT personnel to those locations.

New managed app settings can be used to configure runtime permissions along with other options that allow administrators to place security-enhancing restrictions on installed software. Using the dynamic device groups feature in Azure AD, Microsoft's identity management system, administrators can automate app and policy management using the enrollment profiles associated with their devices.

Device enrollment options include a token string or Google's Zero Touch provisioning system for large-scale Android deployments. Microsoft recently added a similar zero-touch capability to the Windows Autopilot deployment tool for business PCs. Alternatively, organizations can quickly enroll a device by using its camera to scan a QR code generated by Intune.

Helping workers stay on task, Intune uses technology based on the Microsoft Launcher app to lock specific apps and websites to the Managed Home Screen. Microsoft Launcher, formerly Arrow Launcher, allows Android users to personalize their home screens, access Office content and continue activities on a Windows PC. In this case, the software enables employers to restrict the available apps to only those that workers require for their jobs. In kiosk mode, it limits devices to a single app.

Pedro Hernandez
