Assigning device password settings to Android Enterprise fully managed devices in Intune
When you assign a device restrictions profile that includes password settings to Android Enterprise fully managed (formerly known as Corporate Owned Business Only) devices, a different behavior occurs depending on whether the profile is assigned before or after the devices are enrolled in Microsoft Intune.
Behavior if the profile is assigned before enrollment
If the profile is assigned before the device is enrolled, the password settings are applied at the initial state of device setup. Therefore, you are prompted to set a password, as shown in the following screenshot:
Behavior if the profile is assigned after enrollment
If the profile is assigned after the device is enrolled, you aren't prompted to set a password during device setup, as shown in the following screenshot:
When the profile is assigned to the device, you won't be notified or prompted to set a password. The password settings deployment will report as failed until you manually set a password that meets the requirements.
Recommendation
Because of the OS limitation on Android Enterprise fully managed devices, we recommend that you assign the device restrictions profile that includes password settings to the devices before enrollment.
More information
When you assign the profile to a dynamic device group, the group membership is decided after the devices are enrolled. Therefore, the profile won't be applied to the targeted devices until the devices are registered to Intune.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for