What is Android (AOSP) with Intune?

Jonas Bøgvad
Jonas Bøgvad

Table of Contents

You probably have seen it a couple of times out on the web or an announcement by Microsoft that Endpoint Manager Intune now supports AOSP. If you were a little confused or did not think of it, like me, "oh, it's Android"...

We are both wrong. AOSP stands for Android Open Source Project😕

Please keep in mind that AOSP with Intune is in preview

Intune only supports RealWear devices, updated to Firmware 11.2 or later. Thank you Ondrej

The maturity level of the AOSP is low. For now, automated enrolment is not possible. but I cross my fingers for improvement. Thank you Krzysztof

So now we have:

  • Google Mobile Services (GMS)
  • Android Open Source Project (AOSP)

Let's dig into these two subject

Google Mobile Services

GMS is certified devices by Google, which means they run the show. They decide which device can run GMS and access their "Mobile Services". Huawei devices cannot access GMS, and why is that a big deal? To enroll in Intune, you need access to GMS to connect to Android Enterprise😭

The requirements to access Android Enterprise are as follows:

  • Devices must run a distribution of Android with Google Mobile Services (GMS) connectivity. Devices must have GMS available and must be able to connect to GMS.

If your device does not support GMS, you won't be able to leverage Android Enterprise with Intune.

💖Android Open Source Project

And here comes the hero to save us all from GMS! (insert superhero gif..🦸)

Android's goal is to avoid any central point of failure in which one industry player can restrict or control the innovations of any other player.

AOSP is pretty much the opposite of GMS, AOSP is not certified by Google in any way, but you guessed right, open source for anyone to use.

So why is that a big deal? It's not for now, but it could be in the future when more vendors adopt AOSP. GMS will not be a show stopper if our users need to access our data from an AOSP device. So Microsoft wants to play ball and be able to support any device🏆

Google is still running the project and will have the last say in its development, which means they are committed to creating valid source code. AOSP receives regular bug and security patches from monthly security patches.

Manufacturers like Amazon and Samsung are free to tweak the project for their own purposes and have developed their own spin-offs, including the multi-purpose Fire OS. This has become important in Huawei’s continued EMUI(Emotion UI user interface) and Harmony OS development.

AOSP devices won't have access to Google techs like Chrome, YouTube, and Google play store since that falls under the GMS license.

If you want to dig deep into AOSP, then I recommend you read What is AOSP? Everything you need to know by android authority

Endpoint Manager Intune and Android Open Source Project (AOSP)

If you missed the announcement, Microsoft wrote the following:

Microsoft is pleased to announce the ability to manage devices that run on Android Open Source Project (AOSP) in a Microsoft Endpoint Manager public preview. With an increasing number of these purpose-built, mobile devices used by workers in the enterprise on the frontline, organizations need an easy way to enable workers to safely use collaboration and productivity apps, like Teams, while protecting company data that is shared when performing critical workflows.

How does it look inside our management portal, you might ask? Let me show you.

Corporate-owned, user-associated device

Did you read the details under the title in the image? if not, what It says is that you will be able to manage devices that are built from the AOSP without GSM🥳

It will almost work as Android Enterprise and Corporate-Owned, Fully Managed User devices to compare it with anything.

How to manage AOSP

If we head over to configuration profiles, we will see the following, and the exciting Profile type is Device Restrictions.

When selecting the Device restriction profile, we will see what we can configure, like "Enable or disable device features, control security, and more".

So here, we won't see much yet, but we have the following, which is an excellent start, keep in mind this is in preview, so a lot more configurations are to come.

Credits

You might also like

For starters, what is a Primary Refresh Token? Members Public

Some would argue that authentication relies solely on user identity, but you are incorrect 🤥

😊Identity🔐Security📱Device

National Cyber Security Centre platform guides Members Public

Use these guides to help you set up and manage your organization's work devices, or to get started with a Bring Your Own Device (BYOD) setup.

📱Device🔐Security