Sunday, December 3, 2017

Microsoft 365 Android configuration mappings

The great thing about Microsoft 365 Business is that it gives you control over the devices that are connected to your Office 365 environment. Many of these will be running Windows 10, which I have covered in previous posts:

Microsoft 365 Windows 10 device configuration mappings

and

Microsoft 365 Application management for Windows 10 mappings

These days, of course, there are additional, non-Microsoft devices, that also need to be connected to Office 365. One of these is Android. What I’m going to cover here is the Application Management for Android in Microsoft 365 Business.

image

Start by navigating to the Admin center in your Microsoft 365 Business tenant.

image

Locate the Device policies tile and select it.

image

You may see a number of policies but one should be named Application Management for Android. Select this.

image

image

image

If the policy doesn’t exist you can create a new one. When you do you will see the above settings.

If you expand the display for each option you should see a list of all the options and their status as shown above.

The question now is, how do these map to settings in Intune under the covers?

To view the settings in Intune you’ll need to login to the Azure portal for that tenant and then navigate to the Intune option. Remember, you get access to an Azure management portal when you sign up for Office 365 free. I covered off how you can access it here:

Enabling your Office 365 Azure AD access

image

The easiest way to find the Intune settings is to do a search in the top right and then select Intune from the results.

image

You should see the Intune console displayed as shown above.

image

From the menu, under the Manage section, select Mobile apps

image

From here select the App protection policies option under the Manage section. This should display a policy on the right that matches the one you have in the Microsoft 365 Business console (here Application Management for Android). Select the policy name to continue.

image

The first setting in the policy in Microsoft 365 Business under the heading Protect work files when devices are lost or stolen is:

image

In Intune select Policy Settings

image

Here you will find:

image

The next option in the Microsoft 365 Business policy for Android is:

image

In the same policy area in Intune this maps to the setting:

image

Next in Microsoft 365 Business is:

image

which maps to, also in Policy settings in Intune:

image

In Microsoft 365 Business, under the heading – Manage how users access Office files on mobile devices is:

image

This can be found once again in the Policy settings area of Intune and the options are:

image

Next is:

image

which maps to:

image

Next in the Microsoft 365 Business policy is:

image

which again can be found in the Policy Settings area:

image

Finally, in this section for Microsoft 365 Business is:

image

which corresponds to:

image

The managed apps are basically those at the bottom of the policy in Microsoft 365 Business, typically apps like Excel, Outlook, Word, etc.

image

If you go out of Policy settings in Intune you should see:

image

Select Targeted apps.

image

image

Here you will see the same list of apps that you find in Microsoft 365 Business.

Remember, this policy is for Android devices and there is one for Windows 10 and iOS as well. Also remember that you can’t go and make changes to the in Intune, I have just shown you the mappings here. if you want to change the policy for any of your devices it needs to be done in Microsoft 365 Business.

You can of course delete the existing policy in Microsoft 365 Business or create different device policies and apply them to different security groups in your environment. Thus, you can have separate policies for floor staff and management if desired.

Microsoft 365 Business makes it easy to manage your devices by putting the policies right in the Office 365 Admin console. These map to policies in Intune under the covers but are only designed to be set inside the Microsoft 365 Business Admin console.