Set up enrollment in Microsoft Intune for corporate-owned, userless devices built on the Android Open Source Project (AOSP) platform. Intune offers an Android (AOSP) device management solution for corporate-owned Android devices that are:
RealWear headsets leverage AOSP Device Owner enrollment. Information on how to enroll your RealWear Headsets can be found in the following Microsoft Articles.
At this time, RealWear devices (running Android 10.0 and later) are the only supported devices for AOSP management in Microsoft Endpoint Manager. With this update, organizations can equip their workers with the right tools for the job and use Intune to manage purpose-built devices while protecting company information.
To enroll devices into Intune, Device Policy enrollment QR Codes can be scanned by our device setup wizard. A brand new out-of-box device or freshly factory reset device will go into a Configuration camera screen. When an Intune Device Owner enrollment code is scanned by our device camera on this screen, enrollment will begin automatically.
There are two recommended methods for Device Owner AOSP Intune enrollment:
1. Userless Enrollment: Great for scaleability/shared devices. Can be configured by Systems Integrators or IT Admins. All devices scan a single QR Code containing the Intune Client download server URL, (shared)User ID, Password, Staging WiFi SSID and Network Password.
Once client is installed, it opens automatically and proceeds user through enrollment steps to meet compliance.
2. User Associated Enrollment: Requires authentication by end-user. Great for personal devices. Must be configured by device end-user. All devices scan a unique QR Code containing the Intune Client download server URL, Staging WiFi SSID (within range of end-user) and Network Password.
Once client is installed, it opens automatically. User needs to enter their User ID (corporate email address) and Password to complete enrollment.
*NOTE: For both methods, the designated staging network MUST BE a WPA/WPA2 PSK/WPA3 network type, meaning there is an SSID and Password only (think a Home WiFi network or Mobile Hotspot). Guest networks with captive portals or Corporate managed networks are not compatible for staging. This network is ONLY used to download the Intune Client and complete the enrollment process. Once enrolled, this network can be forgotten from Saved Networks.
Please see the relevant Microsoft documentation for more information:
USERLESS: https://learn.microsoft.com/en-us/mem/intune/enrollment/android-aosp-corporate-owned-userless-enroll
USER-ASSOCIATED: https://learn.microsoft.com/en-us/mem/intune/enrollment/android-aosp-corporate-owned-user-associated-enroll
- https://techcommunity.microsoft.com/t5/microsoft-intune-blog/microsoft-adds-android-open-source-project-device-management/ba-p/2792318
- https://techcommunity.microsoft.com/t5/microsoft-intune-blog/microsoft-expands-device-management-for-android/ba-p/3645407?_hsenc=p2ANqtz-_XG03q5U_qkSzu0lYrxmmUq79FB0GDrpaBkWmWRCcqDR9toeXFoNGLitzYWDwjJFZW_OPBcx_4WbFYn4tfIR5CCgDn9w&_hsmi=229447348&utm_campaign=RealWear%20Newsletter&utm_content=229447348&utm_medium=email&utm_source=hs_email