Testing Virtual Android devices with Microsoft Endpoint Manager

Testing virtual Android Devices with Microsoft Endpoint Manager

Last Updated on September 6, 2021 by Oktay Sari

Testing Virtual Android devices with Microsoft Endpoint Manager When you’re testing Microsoft Endpoint manager, chances are, you’re using a virtual Windows 10 device to do most of your testing. For Windows 10, there are many virtualization platforms like Hyper-V, VMWare or Virtual Box. But when it comes to Android, it’s a different ballgame. There are emulators out there, but I find that most are not that great for testing with Microsoft Endpoint Manager (Intune). This post is all about testing virtual Android Devices with Microsoft Endpoint Manager.

I’ll show you how to emulate Android devices. These virtual Android devices run on your PC, and you can use them almost the same way as physical devices. The Android emulator even comes with predefined configurations for various Android phones, tablets, and more. Testing virtual Android Devices with Microsoft Endpoint Manager is a great way to learn about configurations, policies and app deployment. Here’s an idea; If you’re working out a bring your own scenario, you can test your mobile application policies. I’m not going to explain how to configure android enrollment profiles since there are many great blogs out there that explain just that. For starters, have a look at Peter’s blog.

How can we start testing virtual Android Devices with Microsoft Endpoint Manager (Intune)? You’ll need Android Studio. Yes, you can build your own apps if you want to, but I’m interested in one particular piece of softeware: The AVD (Android Virtual Device) Manager.

Install Android Studio:

You can download Android Studio here: Download Android Studio and SDK tools  |  Android Developers and read more about AVD here: Run apps on the Android Emulator  |  Android Developers.

I’m on Windows 10 20H2 and Run Android Studio right next to Hyper-v and Virtual Box without any issues. Download Android Studio and start the installation. Make sure Android Virtual Device is selected before you continue.

Setup Android Studio

Creating your first Virtual Android device

After installing Android Studio, start it and if there are any updates, install them before you continue. Getting started with your first Android Virtual device is very simple and can be done in a couple of minutes.

Click on the Tools menu and start AVD (Android Virtual Device) Manager.

Android Studio - AVD Manager

Next Click on “+Create Virtual Device

Android Studio - AVD Manager - Create Virtual Device

There are a lot of pre-configured devices available. Just make sure to choose one that has the Google Play Store icon. These devices come with the play store so you can install apps.

Android Studio - AVD Manager - choose hardware

The rest is self-explanatory and straight forward but I created a short video to get you started.

 

Limitations

Don’t forget, you are working with a virtual device and that comes with it’s limitations. Most of the time, I use it to test app configuration policies, device configuration profiles, app protection policies and even conditional access.

  • You can’t scan a QR code on a virtual Android device to enroll so we’ll have to find a workaround. More on this below
  • I’ve had some issues with compliance policies and setting a PIN. Will need to do more testing on that
  • Need to do more tests with compliance policies in general
  • Sometimes the VM seems to hang and do nothing for a long time. If you’ve had 2 cups of coffee, start over 😉
  • With corporate-owned enrollment profiles, the KIOS mode has it’s challenges. Need to do more testing here

Let me know if you run into any other limitations. I’ll update the post for everyone to learn.

Enroll a virtual Android device in Microsoft Endpoint Manager

You can enroll a Android device by downloading the Intune company Portal App, or by scanning a QR Code. There are 4 different enrollment scenarios:

  1. Personally-owned devices with work profile
  2. Corporate-owned dedicated devices
  3. Corporate-owned fully managed user devices
  4. Corporate-owned devices with work profile

MEM - Intune - Android Enrollment scenario

There are some limitations when performing the enrollment with a virtual device. For example, you can’t scan the QR Code…

This post is all about testing Android devices with Microsoft Endpoint Manager so I’m skipping the user experience part. Our goal is to enroll a virtual Android device with Endpoint manager so you can test your configuration, policies and app deployment.

Enroll using the Company portal app – Personally-owned device with work profile

First we’ll enroll a device using the company portal app. This is what end-users would do on their own devices:

  • Start your new Android VM
  • Complete the phone setup
  • Login with your google account (Needed for Google Play Store)
  • Shutdown and start your device again
  • Install the “company portal app”
  • Enroll with work profile

Here’s another video showing you the steps to enroll the virtual Android device as a Personally-owned devices with work profile. It also shows that sometimes, things don’t go as planned. Although I’m very happy with AVD, it’s not a physical device and sometimes things take a little longer.

If there’s one tip I can give you, it would be ”Be patient” It all takes a little longer, and when you get stuck, wait a little longer and after some coffee, start over again 😉. I prefer working with physical devices, buts sometimes I need to test something when I don’t have a test (physical) device with me. This is when I fall back to using a virtual device. Once you get the hang of it, I’m sure you will use it.

Enroll corporate-owned devices with work profile by scanning a QR Code

Graphical user interface, application Description automatically generated

Did I mention, you can create screenshots of your virtual android device using AVD? Check out the video above or see the screenshot on the right 😉

I started with a physical device and walked through all steps as described by Microsoft here. Some of the steps are:

  • Created a enrollment profile.
  • Created a device group.

When you create an enrollment profile, it will generate a QR Code with a token. There was one part of the Microsoft documentation that got my attention:

 

 

 

 

 

“For corporate-owned work profile (COPE) devices, the afw#setup enrollment method and the Near Field Communication (NFC) enrollment method are only supported on devices running Android 8-10. They are not available on Android 11. For further details, refer to the Google developer docs here

“Depending on the Android OS and version of the device, you can use either the token or QR code to enroll the dedicated device”

Now that is interesting. I’ve never used the token before, simply because scanning the QR code is so obvious…

The provided link to Google is an interesting document. At first I did not see the link but upon reading further I saw a link to Enrollment token link.

Graphical user interface, text, application, email Description automatically generated

Workaround

Could this be it? https://enterprise.google.com/android/enroll?et=<enrollmentToken>

The enrollment token can be found by going to:

Endpoint Manager>Devices>Android>Android Enrollment>[your enrollment profile]

ANdroid enrollment profile token

Please Note: Yes…I revoked this example/demo token for obvious reasons…😉

I started my virtual Android device and first updated the Google Play Services as Noted above in the Google documentation.

Here are the steps you can follow:

  • Update Google Play Services
  • Start Google Chrome
  • Type in the URL: https://enterprise.google.com/android/enroll?et=<enrollmentToken>
  • Follow the steps to enroll

 

Enroll corporate-owned devices with work profile

If you want to see the complete enrollment please watch the next video:

That’s it for now. You have a corporate-owned device with work profile on a virtual android device, enrolled with Microsoft Endpoint Manager. You’re ready to test your configuration without the need for a physical device.

Final thoughts

Although virtual Android devices are a great way to test Microsoft Endpoint Manager (Intune) when you are out of physical hardware, I personally prefer to work with hardware. There are however a lot of use cases. You can test, and even make great screenshots for documentation or your blogs. Android Virtual devices have their limitations, and sometimes I had issues with enrolling a device and had to start over. But even with these limitations I think it’s a great tool to have.

let me know what you think…

4.8 6 votes
Article Rating

Oktay Sari

#Microsoft365 | #Intune |#MEM | #Security | Father | #Diver | #RC Pilot & #Magician in spare time | Microsoft MVP

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

17 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
jeff
jeff
3 years ago

thanks for the post. i was wondering if you deploy a compliance policy with require setting for company portal app runtime integrity, will it bring non-compliant for the AVD too?

because it happened to my AVD but not physical device.

tomal
tomal
2 years ago

hi. when doing the enrollment via the token the part where you register the device clicking on “Set up” has no effect or action. The device just sits in that part of the screen, i tested with a physical and a virtual android device and both have the same behavior. any suggestions?

Cathy
Cathy
2 years ago

I’m using a Samson Galaxy Tab 7 lite – I used Corporate Owned Dedicated Devices as my profile, but the device still shows a “user” profile. Any thoughts on how I get rid of that?

Elías
Elías
2 years ago

Hi,

Great post!!

I have tried with Android 9 and 10 versions, but I get the same issue when I try to enroll with https://enterprise.google.com/android/enroll?et=<enrollmentToken&gt;

Can’t set up work profile – Your IT admin doesn’t allow a work profile on this device…

Could you help me, please?

Thanks in advance

Alessandro
Alessandro
2 years ago

Hello, when I tried to enroll Android COPE I receive “Registration is taking longer than usual”. Device appear on Azure AD but is missing on Intune. Any suggestions?

FRANCISCO DE ASSIS MODEL
FRANCISCO DE ASSIS MODEL
2 years ago
Reply to  Alessandro

Hi Alessandro, I’m with same issue. Can you complete the the device register?

Jack
Jack
2 years ago

Is there a way to do this for iPhones?

noTi
noTi
2 years ago

Hi Oktay! Nice post, thanks a lot!
Have you got any problem clicking on “Register your device”? My Pixel 2 AVD just got stuck in this part. Apps are in pending status and I cannot move forward.

Nacho
Nacho
1 year ago
Reply to  noTi

Same problem here. Did you solve it?

Daniel
Daniel
1 year ago
Reply to  Nacho

Need to find a way to factory reset and boot to Setup Wizard screen.

Last edited 1 year ago by Daniel
Little
Little
1 year ago

thx for the post. i’m encountering a problem. i want to test the Microsoft Intune’s encrypt mobile on a virtual andriod. however, when i try to do the “encrypt tablet” in my virtual android, it shows “plug in your charger and try again” with the “ENCRYPT TABLET” button dimmed. my virtual android is running on Virtualbox. even i’ve encrypted the Virtualbox disk, it does not resolve the issue. any suggestions on this?

Ram gayke
Ram gayke
9 months ago

Hi work profile android mobile allow security purpose wrok profile passwrod on my mobile device screen i missing passward 15 day do not my mobile unlock plz help suggested solve improtant data in mobile