Data Intune sends to Google
When Android enterprise device management is enabled on a device, Microsoft Intune establishes a connection with Google and shares user and device information with Google. Before Microsoft Intune can establish a connection, you must create a Google account.
The following table lists the data that Microsoft Intune sends to Google when device management is enabled on a device:
| Data sent to Google | Details | Used for | Example |
|---|---|---|---|
| EnterpriseId | Originated in Google upon binding your Gmail account to Intune. | Primary identifier used to communicate between Intune and Google. This communication includes setting policies, managing devices, and binding/unbinding of Android enterprise with Intune. | Unique identifier, Example format: LC04eik8a6 |
| Policy Body | Originated in Intune when saving a new app or configuration policy. | Applying policies to devices. | A collection of all configured settings for an application or configuration policy. Policy Body can contain customer information if provided as part of a policy, such as network names, application names, and app-specific settings. |
| Device Data | Devices for Android Enterprise Corporate-Owned Personally-Owned Work Profile scenarios begin with enrollment in Intune. Devices for Managed device scenarios begin with enrollment into Google. | Device Data information is sent between Intune and Google for various actions such as applying policies, managing the device and general reporting. | Unique identifier to represent Device Name. Example: enterprises/LC04ebru7b/devices/3592d971168f9ae4 Unique Identifier to represent User Name. Example: Enterprises/LC04ebru7b/users/116838519924207449711 Device state. Examples: Active, Disabled, Provisioning. Compliance states. Examples: Setting not supported, missing required apps Software Info. Examples: software versions & patch level. Network Info. Examples: IMEI, MEID, WifiMacAddress Device Settings. Examples: Information on encryption levels & whether device allows unknown apps. See the following example of a JSON message. |
| newPassword | Originated in Intune. | Resetting device passcode. | String representing new password. |
| Google User | Managing the work profile for Personally-Owned Work Profile (BYOD) scenarios. | Unique identifier to represent the linked Gmail account. Example: 114223373813435875042 | |
| Application Data | Originated in Intune when saving application policy. | Application Name string. Example: app:com.microsoft.windowsintune.companyportal | |
| Enterprise Service Account | Originated in Google upon Intune request. | Used for authentication between Intune and Google for transactions involving this customer. | There are several parts: Enterprise Id: documented previously. UPN: generated UPN used in authentication on behalf of customer. Example: w49d77900526190e26708c31c9e8a0@pfwp-commicrosoftonedfmdm2.google.com.iam.gserviceaccount.com Key: Base64 encoded blob used in auth requests, stored encrypted in the service, but this is what the blob looks like: Unique Identifier to represent the customer's key Example: a70d4d53eefbd781ce7ad6a6495c65eb15e74f1f |
| Registration Token | Originated in Google upon device enrollment. | Used to identify device when sending push notifications to the Company Portal app. | |
| User Principal Name (UPN) | Only the UPN of the user signed-in to the Intune console initiating the process to connect Google and Intune is sent as a pre-filled hint. | Used to prefill the admin email address field of the Google enterprise signup form. |
To stop using Android enterprise device management with Microsoft Intune and delete the data, you must disable both Microsoft Intune Android enterprise device management and also delete your Google account. Refer to Google account how to perform account management.