Enrolling Android Devices in Intune and Enabling Windows Defender for Endpoint for phones
As threats keep growing and becoming more complex, it becomes all the more important to protect all our devices and monitor all the attack surfaces.
With Intune you have the ability to create and manage several different profiles for a wide range of devices, and because of this, we can not only manage company devices but we can also expand this coverage to personal devices as well without compromising privacy.
As IT security professionals, we need to be seen as helpers and support, not as the enemy. Working with our end users allows us to better secure our infrastructure.
With more and more company data finding its way onto personal devices, there is all the more reason to expand our coverage and encourage end users to accept protection on their personal device(s), with the benefits it gives them.
In this article, we will go over the basics of how to quickly install and set up Defender for Endpoint on an Android device. In future articles we will be talking about profile buildouts and how to deploy them to different users and devices.
Managed Google Play Account
First we need an integration between our Managed Google Play account and Intune. If you have an organization's Google account, you can use it to integrate with Intune. Otherwise, we can create a new Managed Google Play account.
Now select the check box under "I grant Microsoft permission to send both user and device information to Google" and click on "Launch Google to connect now".
Mine shows greyed out as it's already been connected.
This will open a new window asking you to sign in to a Google account to integrate your Managed Google Play account with Intune. Simply fill out the needed fields and you are done. You should now see the Status set with a green checkbox as shown above.
Enrolment Device Platform Restrictions
Enrolment device platform restrictions are the policies that restrict devices from enrolling in Intune based on device platform, device manufacturer, OS version, and ownership. To start, let's navigate to the following:
Here we can create a restriction name to define who and what gets enrolled.
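To make the four restriction criteria above concrete, here is an added example (not part of the original article and not Intune's own evaluation engine) that models a platform restriction locally and shows how a policy with no minimum OS version lets an old personal phone through. The device dictionaries, the sample policies and the "blockedManufacturers" field are assumptions made for illustration.

```python
import json

# Constructed samples. Field names follow the Microsoft Graph
# deviceEnrollmentPlatformRestriction resource; "blockedManufacturers" is
# an assumption for this example. Values are illustrative.
WEAK = json.loads('{"platformBlocked": false, "personalDeviceEnrollmentBlocked": false,'
                  ' "osMinimumVersion": null, "osMaximumVersion": null}')
HARDENED = json.loads('{"platformBlocked": false, "personalDeviceEnrollmentBlocked": false,'
                      ' "osMinimumVersion": "12.0", "osMaximumVersion": null,'
                      ' "blockedManufacturers": ["ExampleCorp"]}')


def parse_version(text, width=4):
    """'12.0' -> (12, 0, 0, 0): numeric, zero-padded, so '12' equals '12.0' and 9 < 10."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def evaluate(device, restriction):
    """Return (allowed, reason) for one device (hypothetical dict) against one restriction."""
    if restriction.get("platformBlocked"):
        return False, "platform blocked"
    if device["ownership"] == "personal" and restriction.get("personalDeviceEnrollmentBlocked"):
        return False, "personal devices blocked"
    blocked = {m.lower() for m in restriction.get("blockedManufacturers") or []}
    if device["manufacturer"].lower() in blocked:
        return False, "manufacturer blocked"
    version = parse_version(device["os_version"])
    low, high = restriction.get("osMinimumVersion"), restriction.get("osMaximumVersion")
    if low and version < parse_version(low):
        return False, "OS below minimum"
    if high and version > parse_version(high):
        return False, "OS above maximum"
    return True, "allowed"


def audit(restriction):
    """Flag settings that leave the enrolment gate wider than the policy author likely meant."""
    findings = []
    if not restriction.get("platformBlocked") and not restriction.get("osMinimumVersion"):
        findings.append("no minimum OS version: end-of-life Android releases can enrol")
    return findings


if __name__ == "__main__":
    old_phone = {"ownership": "personal", "manufacturer": "Google", "os_version": "9"}
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, evaluate(old_phone, policy), audit(policy))
```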
Now that we have integrated the managed Play Store and created device platform restrictions, we are ready to enroll the devices.
Next, download the Company Portal app from the Google Play Store, open it, and sign in with your organization credentials.
After successful authentication, the user is prompted to Create Work Profile, Activate a work profile, and Update the device Settings. Click on Begin.
After the setup has finished, we can download and install Microsoft Defender for Endpoint on the Android device. Because this device is enrolled and connected to Intune, it will automatically connect and activate. All you have to do is open it and initialize the permissions.
Now we have our phone connected, and we can start building out profiles and configurations and pushing them to our devices, which we will cover in future videos and articles.