Testing Virtual Android devices with Microsoft Endpoint Manager

Testing virtual Android Devices with Microsoft Endpoint Manager

Testing Virtual Android devices with Microsoft Endpoint Manager When you’re testing Microsoft Endpoint manager, chances are, you’re using a virtual Windows 10 device to do most of your testing. For Windows 10, there are many virtualization platforms like Hyper-V, VMWare or Virtual Box. But when it comes to Android, it’s a different ballgame. There are emulators out there, but I find that most are not that great for testing with Microsoft Endpoint Manager (Intune). This post is all about testing virtual Android Devices with Microsoft Endpoint Manager.

I’ll show you how to emulate Android devices. These virtual Android devices run on your PC, and you can use them almost the same way as physical devices. The Android emulator even comes with predefined configurations for various Android phones, tablets, and more. Testing virtual Android Devices with Microsoft Endpoint Manager is a great way to learn about configurations, policies and app deployment. Here’s an idea; If you’re working out a bring your own scenario, you can test your mobile application policies. I’m not going to explain how to configure android enrollment profiles since there are many great blogs out there that explain just that. For starters, have a look at Peter’s blog.

How can we start testing virtual Android Devices with Microsoft Endpoint Manager (Intune)? You’ll need Android Studio. Yes, you can build your own apps if you want to, but I’m interested in one particular piece of softeware: The AVD (Android Virtual Device) Manager.

Install Android Studio:

You can download Android Studio here: Download Android Studio and SDK tools  |  Android Developers and read more about AVD here: Run apps on the Android Emulator  |  Android Developers.

I’m on Windows 10 20H2 and Run Android Studio right next to Hyper-v and Virtual Box without any issues. Download Android Studio and start the installation. Make sure Android Virtual Device is selected before you continue.

Setup Android Studio

Creating your first Virtual Android device

After installing Android Studio, start it and if there are any updates, install them before you continue. Getting started with your first Android Virtual device is very simple and can be done in a couple of minutes.

Click on the Tools menu and start AVD (Android Virtual Device) Manager.

Android Studio - AVD Manager

Next Click on “+Create Virtual Device

Android Studio - AVD Manager - Create Virtual Device

There are a lot of pre-configured devices available. Just make sure to choose one that has the Google Play Store icon. These devices come with the play store so you can install apps.

Android Studio - AVD Manager - choose hardware

The rest is self-explanatory and straight forward but I created a short video to get you started.

 

Limitations

Don’t forget, you are working with a virtual device and that comes with it’s limitations. Most of the time, I use it to test app configuration policies, device configuration profiles, app protection policies and even conditional access.

  • You can’t scan a QR code on a virtual Android device to enroll so we’ll have to find a workaround. More on this below
  • I’ve had some issues with compliance policies and setting a PIN. Will need to do more testing on that
  • Need to do more tests with compliance policies in general
  • Sometimes the VM seems to hang and do nothing for a long time. If you’ve had 2 cups of coffee, start over 😉
  • With corporate-owned enrollment profiles, the KIOS mode has it’s challenges. Need to do more testing here

Let me know if you run into any other limitations. I’ll update the post for everyone to learn.

Enroll a virtual Android device in Microsoft Endpoint Manager

You can enroll a Android device by downloading the Intune company Portal App, or by scanning a QR Code. There are 4 different enrollment scenarios:

  1. Personally-owned devices with work profile
  2. Corporate-owned dedicated devices
  3. Corporate-owned fully managed user devices
  4. Corporate-owned devices with work profile

MEM - Intune - Android Enrollment scenario

There are some limitations when performing the enrollment with a virtual device. For example, you can’t scan the QR Code…

This post is all about testing Android devices with Microsoft Endpoint Manager so I’m skipping the user experience part. Our goal is to enroll a virtual Android device with Endpoint manager so you can test your configuration, policies and app deployment.

Enroll using the Company portal app – Personally-owned device with work profile

First we’ll enroll a device using the company portal app. This is what end-users would do on their own devices:

  • Start your new Android VM
  • Complete the phone setup
  • Login with your google account (Needed for Google Play Store)
  • Shutdown and start your device again
  • Install the “company portal app”
  • Enroll with work profile

Here’s another video showing you the steps to enroll the virtual Android device as a Personally-owned devices with work profile. It also shows that sometimes, things don’t go as planned. Although I’m very happy with AVD, it’s not a physical device and sometimes things take a little longer.

If there’s one tip I can give you, it would be ”Be patient” It all takes a little longer, and when you get stuck, wait a little longer and after some coffee, start over again 😉. I prefer working with physical devices, buts sometimes I need to test something when I don’t have a test (physical) device with me. This is when I fall back to using a virtual device. Once you get the hang of it, I’m sure you will use it.

Enroll corporate-owned devices with work profile by scanning a QR Code

Graphical user interface, application Description automatically generated

Did I mention, you can create screenshots of your virtual android device using AVD? Check out the video above or see the screenshot on the right 😉

I started with a physical device and walked through all steps as described by Microsoft here. Some of the steps are:

  • Created a enrollment profile.
  • Created a device group.

When you create an enrollment profile, it will generate a QR Code with a token. There was one part of the Microsoft documentation that got my attention:

 

 

 

 

 

“For corporate-owned work profile (COPE) devices, the afw#setup enrollment method and the Near Field Communication (NFC) enrollment method are only supported on devices running Android 8-10. They are not available on Android 11. For further details, refer to the Google developer docs here

“Depending on the Android OS and version of the device, you can use either the token or QR code to enroll the dedicated device”

Now that is interesting. I’ve never used the token before, simply because scanning the QR code is so obvious…

The provided link to Google is an interesting document. At first I did not see the link but upon reading further I saw a link to Enrollment token link.

Graphical user interface, text, application, email Description automatically generated

Workaround

Could this be it? https://enterprise.google.com/android/enroll?et=<enrollmentToken>

The enrollment token can be found by going to:

Endpoint Manager>Devices>Android>Android Enrollment>[your enrollment profile]

ANdroid enrollment profile token

Please Note: Yes…I revoked this example/demo token for obvious reasons…😉

I started my virtual Android device and first updated the Google Play Services as Noted above in the Google documentation.

Here are the steps you can follow:

  • Update Google Play Services
  • Start Google Chrome
  • Type in the URL: https://enterprise.google.com/android/enroll?et=<enrollmentToken>
  • Follow the steps to enroll

 

Enroll corporate-owned devices with work profile

If you want to see the complete enrollment please watch the next video:

That’s it for now. You have a corporate-owned device with work profile on a virtual android device, enrolled with Microsoft Endpoint Manager. You’re ready to test your configuration without the need for a physical device.

Final thoughts

Although virtual Android devices are a great way to test Microsoft Endpoint Manager (Intune) when you are out of physical hardware, I personally prefer to work with hardware. There are however a lot of use cases. You can test, and even make great screenshots for documentation or your blogs. Android Virtual devices have their limitations, and sometimes I had issues with enrolling a device and had to start over. But even with these limitations I think it’s a great tool to have.

let me know what you think…

5 1 vote
Article Rating

Oktay Sari

#Microsoft365 | #EMS |#MEM | #Intune | Father | #Diver | #RC Pilot & #Magician in spare time | former Microsoft WI MVP

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
jeff
jeff
14 days ago

thanks for the post. i was wondering if you deploy a compliance policy with require setting for company portal app runtime integrity, will it bring non-compliant for the AVD too?

because it happened to my AVD but not physical device.