The great thing about Microsoft 365 Business is that it gives you control over the devices that are connected to your Office 365 environment. Many of these will be running Windows 10, which I have covered in previous posts:
Microsoft 365 Windows 10 device configuration mappings
and
Microsoft 365 Application management for Windows 10 mappings
These days, of course, there are additional, non-Microsoft devices, that also need to be connected to Office 365. One of these is Android. What I’m going to cover here is the Application Management for Android in Microsoft 365 Business.
Start by navigating to the Admin center in your Microsoft 365 Business tenant.
Locate the Device policies tile and select it.
You may see a number of policies but one should be named Application Management for Android. Select this.
If the policy doesn’t exist you can create a new one. When you do you will see the above settings.
If you expand the display for each option you should see a list of all the options and their status as shown above.
The question now is, how do these map to settings in Intune under the covers?
To view the settings in Intune you’ll need to login to the Azure portal for that tenant and then navigate to the Intune option. Remember, you get access to an Azure management portal when you sign up for Office 365 free. I covered off how you can access it here:
Enabling your Office 365 Azure AD access
The easiest way to find the Intune settings is to do a search in the top right and then select Intune from the results.
You should see the Intune console displayed as shown above.
From the menu, under the Manage section, select Mobile apps
From here select the App protection policies option under the Manage section. This should display a policy on the right that matches the one you have in the Microsoft 365 Business console (here Application Management for Android). Select the policy name to continue.
The first setting in the policy in Microsoft 365 Business under the heading Protect work files when devices are lost or stolen is:
In Intune select Policy Settings
Here you will find:
The next option in the Microsoft 365 Business policy for Android is:
In the same policy area in Intune this maps to the setting:
Next in Microsoft 365 Business is:
which maps to, also in Policy settings in Intune:
In Microsoft 365 Business, under the heading – Manage how users access Office files on mobile devices is:
This can be found once again in the Policy settings area of Intune and the options are:
Next is:
which maps to:
Next in the Microsoft 365 Business policy is:
which again can be found in the Policy Settings area:
Finally, in this section for Microsoft 365 Business is:
which corresponds to:
The managed apps are basically those at the bottom of the policy in Microsoft 365 Business, typically apps like Excel, Outlook, Word, etc.
If you go out of Policy settings in Intune you should see:
Select Targeted apps.
Here you will see the same list of apps that you find in Microsoft 365 Business.
Remember, this policy is for Android devices and there is one for Windows 10 and iOS as well. Also remember that you can’t go and make changes to the in Intune, I have just shown you the mappings here. if you want to change the policy for any of your devices it needs to be done in Microsoft 365 Business.
You can of course delete the existing policy in Microsoft 365 Business or create different device policies and apply them to different security groups in your environment. Thus, you can have separate policies for floor staff and management if desired.
Microsoft 365 Business makes it easy to manage your devices by putting the policies right in the Office 365 Admin console. These map to policies in Intune under the covers but are only designed to be set inside the Microsoft 365 Business Admin console.
CIAOPS 