Share via

A client of mine followed the steps to enroll his Android device to Intune as a BYOD with work profile, it got enrolled as Android Admin instead.

Matias Keib 26 Reputation points
2023-05-23T16:50:36.02+00:00

Hello guys,

First thing first. When you go to Enrollment options for Android and click on device admin, the first thing you see is:

[

](https://filestore.community.support.microsoft.com/api/images/bc1fb549-6e6f-4cb7-b3ca-eb9532579f0d?upload=true)

Then Why:

A_ is there an active tutorial on how to do it on Learn?

[

](https://filestore.community.support.microsoft.com/api/images/fa29c493-9707-4dda-a843-3d86f6f8d9ce?upload=true)

B_ There is no further explanation on how or why a device would be enrolled as "Device Administrator"?

I have been enrolling devices for quite some time now, and it has always been the same story: If you want fully managed or Corporate, Wipe and scan the QR. Otherwise, for personal devices just download company portal and follow the enrollment wizard. I have seen many tenants where my clients have been performing enrollment tests and all Android devices got also enrolled as "Device Administrator"

I mean, is there a setting on Intune I might be overlooking or anything else I am not seeing?

Both device admin (https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-device-android-company-portal)) as well as BYOD with Work Profile (https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-device-android-work-profile)) have the same steps. I never had to do anything specific in order to be able to get a personal device enrolled with work profile. Oh by the way, it is a recent OS (Android 13) we are talking about.

Thank you very much in advance!

Microsoft Security | Intune | Microsoft Intune Android
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lu Dai-MSFT 28,501 Reputation points
    2023-05-24T02:19:33.2133333+00:00

    @Matias Keib Thanks for posting in our Q&A.

    Android device admin enrollment and BYOD with Work Profile enrollment have the same enrollment steps. The only difference is in set up device enrollment in intune portal.

    For Android device admin enrollment:

    1.It is needed to choose "Use device administrator to manage devices" under Devices > Android > Android enrollment > Personal and corporate-owned devices with device administration privileges in intune portal.

    User's image

    2.Allow Android device administrator and block Android Enterprise (work profile) in Devices > Enroll devices > Enrollment device platform restrictions > all users > Properties.

    User's image

    For BYOD with Work Profile enrollment, it is needed to block Android device administrator and allow Android Enterprise (work profile) in Devices > Enroll devices > Enrollment device platform restrictions > all users > Properties.

    User's image

    Hope it will clarify something.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.