Intune corporate device Identifer for andorid 12 and later

AsAdmin 396 Reputation points
2022-03-14T15:45:14.547+00:00

Hi MS Intune team,

In Microsoft Intune we cant use CDI to enroll Android device with OS 12 and later as Android personal owned work profile.
So if we have BYOD device is blocked in enrolment restriction, we cant enroll these corporate device with CDI.

https://learn.microsoft.com/en-us/mem/intune/enrollment/corporate-identifiers-add
182896-image.png

Now only option left is to enroll device with "Corporates owned device with work profile". The problem in this method is this required device reset and apps deployed as available is not supported.
Also QR code will be sent to end user, which can lead to risk that user may enroll personal owned device without Intune admin or company knowledge.

https://learn.microsoft.com/en-us/mem/intune/enrollment/android-corporate-owned-work-profile-enroll

Any suggestion if this functionality to detect device via CDI is depreciated by Microsoft Intune or from Android OS.
How about some workaround?

Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,269 questions
0 comments No comments
{count} votes

Accepted answer
  1. Lu Dai-MSFT 28,356 Reputation points
    2022-03-15T02:54:17.147+00:00

    @AsAdmin Thanks for posting in our Q&A.

    In Android 12, Google removes serial number, IMEI, and MEID on personally-owned work profile devices. For more details, please read the following article:
    https://techcommunity.microsoft.com/t5/intune-customer-success/android-12-day-zero-support-with-microsoft-endpoint-manager/ba-p/2621665
    So, there is no workaroud to make it via intune.

    It seems that the only option is enroll device with "Corporates owned device with work profile". Please note that any android enrollment method needs device reset. Based on my experience, these app types(Android store app, Managed Google Play store app and web link) all can be deployed as available under assignments.

    Generally, we don't let end users enroll devices, because it may lead some risks(maybe enroll other devices to the organization). If you have to let the end users do the enrollment action, please just give them an account with intune license(don't give them the intune admin account) and please monitor the device on the Intune Portal.

    Hope it will help.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful