To use AppConfig on Intune for Android, there are eight overarching steps you need to accomplish:
Before using Intune to manage your Android devices with AppConfig, you must connect your Intune account to your Managed Google Play account. For instructions, see Connect your Intune account to your Managed Google Play account.
To ensure that users always have access to the most up-to-date version of the Company portal app, you must approve the Company Portal app for Android in the Managed Google Play store. By approving it, you make sure that each user gets automatic updates.
After, you must set enrollment restrictions.
Android Enterprise work profiles are supported on certain Android devices. Any device that supports Android Enterprise work profiles also supports conventional Android management. Intune lets you specify how devices that support Android Enterprise work profiles should be managed from within Enrollment Restrictions.
By default, Android Enterprise work is not supported in Enrollment Restriction. As a result, all Android devices, including devices that support Android Enterprise work profiles, are enrolled as conventional Android devices. You must manually enable support of Android Enterprise work in Enrollment Restrictions to allow devices that support Android Enterprise work profiles to be enrolled as Android Enterprise work profile devices.
For instructions, see Set enrollment restrictions.
Enrolling your Android device gives you access to company email, apps, and other work data. As part of enrollment, you set up a work profile, which separates the personal data on your device from your work data.
For instructions, see Enroll your Android device in Intune.
There are two ways you can distribute your app:
After you've added an app to Microsoft Intune, you can assign the app to users and devices. For instructions, see Assign apps to groups with Microsoft Intune.
In Intune we can create configurations and restrictions with “App configuration policies” and assign them to app and user groups.
For Android, the configurations can only be set for apps from the Google Play Store (Android Work). The configurations can be set either by a JSON editor or by a key-value configuration editor (suggested), which looks similar to AirWatch.
When the app is downloaded on a device, the configurations are loaded by RestrictinsManager'sgetApplicationRestrictions method, the same as the AppConfig with the Airwatch console. These values are pre-configured and control the behavior of the app.
For instructions, see Add app configuration policies for managed Android devices.
See Integrate with AppConfig-Compliant EMM Providers for more information on the available configuration options.
To use VPN for Android AppConfig, first approve the VPN client app in the Google Play Store and distribute it to devices. Then you can create a VPN profile.
For instructions, see Create VPN Profile in Intune. After, see Configure VPN settings for devices running Android in Intune. Once the device policy is created, install the VPN profile on your device.
Now network requests of all Android work apps will go through the VPN.
For instructions on how to create a VPN profile, create a custom configuration policy, and assign both policies, see Use a Microsoft Intune custom profile to create a per-app VPN profile for Android devices. Also see Assign users and device profiles in Microsoft Intune.
KB483187
