Part 2 can be found here and covers the configuration of Azure AD groups
Part 3 can be found here and covers the configuration of Personally-owned Work Profile devices
Part 5 can be found here and covers the configuration of Fully Managed devices
Part 3 can be found here and covers the configuration of Personally-owned Work Profile devices
Part 5 can be found here and covers the configuration of Fully Managed devices
This series will get you up and running as quickly as possible, therefore if you require further detail and explanation on Android Enterprise please refer to my previous post here which I am ensuring is kept up to date as newer functionality is supported within Intune.
This post focuses on how to configure an Android Enterprise Dedicated device which is designed for single purpose scenarios, such as digital signage, stock take, or field operative usage. Devices configured in this way are not designed to have any user specific data on them and as a result they have no user affinity. My previous post was published a year ago which details how to configure a single app kiosk, in this post I will be configuring a multiple app kiosk.
First of all you will need to deploy the Managed Home Screen to your device group, to form the basis of the locked down experience. As of the May 2019 Intune service update this app will already be available for deployment within your tenant
Within the M365 Device Management portal navigate to Client Apps > Apps
In this example I am going to deploy some apps to our Dedicated device and add some of them to a folder. I am also going to create a web link, as well as configure a default wallpaper.
Select the Dedicated Devices settings group, for Kiosk Type select Multi-app and then add all of the apps you wish to be available on the Managed Home Screen
Scroll down to view additional settings for Leave kiosk mode select enable and set a code. Specify the URL to your background within Set Custom URL background. Finally set both Wi-Fi configuration and Bluetooth configuration to Enable
Save the profile and then assign to the same AAD device group as we have with our app assignments
Now to configure a folder for our apps and create a web link. Navigate to Client apps > App configuration policies
Add a configuration policy, giving it a suitable name. For Device enrollment type select Managed devices and under Platform select Android
Select Associated app and then choose the Managed Home Screen app. You will now see the Configuration settings menu appear. Select this
There are two ways in which to define configuration settings, using the configuration designer, or manually entering the JSON data. For both the folder settings and the web link, these configurations can only be defined by entering the JSON data. Refer to this article for more information on how to choose a configuration settings format.
I am going to create a folder called Tools and put some apps in it for the user, select Enter JSON data
Copy in the following code, substituting the folder_name and package values to reflect your requirements for the name of the folder and the apps you wish to include in the folder
{
"kind": "androidenterprise#managedConfiguration",
"productId": "com.microsoft.launcher.enterprise",
"managedProperty": [
{
"key": "managed_folders",
"valueBundleArray": [
{
"managedProperty": [
{
"key": "folder_name",
"valueString": "Tools"
},
{
"key": "applications",
"valueBundleArray": [
{
"managedProperty": [
{
"key": "package",
"valueString": "com.csdroid.pkg"
}
]
},
{
"managedProperty": [
{
"key": "package",
"valueString": "com.farproc.wifi.analyzer"
}
]
},
{
"managedProperty": [
{
"key": "package",
"valueString": "com.qrcodescanner.barcodescanner"
}
]
}
]
}
]
}
]
}
]
}
Now create a second configuration policy for the web link. Copy in the following code to this, substituting the link and labels values as appropriate
{
"kind": "androidenterprise#managedConfiguration",
"productId": "com.microsoft.launcher.enterprise",
"managedProperty": [
{
"key": "weblinks",
"valueBundleArray": [
{
"managedProperty": [
{
"key": "link",
"valueString": "http://leonashtonleatherland.blogspot.com"
},
{
"key": "label",
"valueString": "Leon's IT Blog"
}
]
}
]
}
]
}
Assign both of the app config policies to the AAD device group
Select Corporate-owned dedicated devices the select the apprioprate enrollment profile (again - remembering that your AAD device group will be populated based on this profile, so ensure you select the correct one if you have multiple)
Select Token and then Show token. This is what we will use to enroll the device
The device I am using is Android 7.0 and therefore supports QR code enrollment, which is the enrollment type I will use in this example. There are other supported methods for enrollment, which are documented here and are OS version dependent
To commence enrollment, the device must factory reset or indeed new out of the box - so essentially in the Out-of-Box Experience (OOBE) state
Tap multiple times in any white space, until you see the below screen. Select Next
Connect to Wifi
The QR reader will now install
Scan the QR code we mentioned in previous steps
Encrypt the device when prompted
Enrollment will continue
Agree any terms
The Google Play Store and Google Play Services will now update on the device
Enrollment completes and you now see the regular Android home screen experience
After a few moments you will see apps start to deploy to the device
Now the configuration is complete, and you can immediately see the custom wallpaper and in this example the Tools folder we created
Also the web link has been pinned, launch it and it will open in the deployed browser
Select Managed Setting to show the locked down menu providing the end user Bluetooth and WiFi access, as we specified within our Configuration Profile
For troubleshooting purposes, you can exit kiosk mode but tapping the back button multiple times and select Exit Kiosk
Enter the PIN when prompted
The device is now out of Kiosk mode
Launch the Managed Home Screen to put the device back in to Kiosk mode
Well that completes this post, I hope you found it useful - see you in the next part of this series where I will be talking about Fully Managed devices
Thanks for reading!