This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Download Microsoft Edge
More info about Internet Explorer and Microsoft Edge
Important
This article is being published ahead of the firmware update which supports the migration to Android Open Source Project (AOSP) Management. Publishing this article early allows organizations the time to prepare their environment to migrate from Android Device Administrator to the new mobile device enrollment (MDM) method created by Intune called Android Open Source Project (AOSP) Management. A message center post will be sent to your organization when the AOSP Management firmware is available.
This is a preview or early release feature.
This document describes how IT administrators can prepare their Teams Android Device environment for a migration. This migration is from Android Device Administrator to the new mobile device enrollment (MDM) method that was created and called Android Open Source Project (AOSP) Device Management. This new MDM enrollment method replaces the legacy Device Administrator enrollment method and serves as the basis for new features and functionality that are rolled out. For this migration to be successful, organizational IT administrators have specific actions they must take and all of which are covered in this article.
This article covers:
Set up new AOSP Management Enrollment Profiles
Set up AOSP Management Configuration & Compliance Policies
Deploy AOSP Management capable device firmware
Step 1 - Set up new AOSP management enrollment profiles
In order for Teams Android Devices to enroll in AOSP Management, an enrollment profile must be created.
Prerequisites
To migrate from Android Device Administrator to Android AOSP management, you must have:
Teams Android Devices deployed which are enrolled using Device Administrator.
Teams Android Devices that are supported with AOSP Management. Any devices not listed aren't supported on AOSP Management:
Click Here
.
Intune admin permissions in your Microsoft 365 environment.
Important
If your organization doesn't enroll your Teams Android devices in Intune (typically by disabling the Intune license on your resource accounts) then there is no need to set up an enrollment profile or create AOSP Management policies. Just upgrade your devices to the AOSP Management capable firmware at release to stay on current firmware but no Intune configuration is required.
Setup AOSP management enrollment profiles
These steps are specific to Teams Android devices. If you have non Teams devices, refer to the Intune guidance for setting up profiles:
Set up Android (AOSP) device management in Intune for corporate-owned user-associated devices - Microsoft Intune | Microsoft Learn
When creating an enrollment profile, verify it doesn't conflict with any enrollment profiles that were created before.
Sign in to the Intune Management Console with an account with Intune administrator permissions:
https://intune.microsoft.com/
.
Select
Devices
>
Enrollment
> then
Android
.
Under
Enrollment Profiles
, select
Corporate-owned, user-associated device
.
Select
Create profile
.
Use the following settings for the profile configuration:
Name
Give the profile a name like 'AOSP – Teams Devices'.
Description
Put in a description so others in the organization know what this enrollment profile is used for. Use something like 'This AOSP Management enrollment profile is to allow Teams Android Devices to enroll in Intune'.
Token expiration date
Leave this blank. (The current enrollment profiles are limited to a 90-day expiration. However, this expiration limit might be extended in a future release.)
Wi-Fi
Select
Not configured
.
Microsoft Teams devices
Select
Enabled
.
Select
Next
.
Review the profile and then select
Create
.
The enrollment profile is been created and is now ready to enroll devices.
Step 2 - Set up AOSP Management Configuration & Compliance Policies
These steps aren't required for your Teams devices, any Teams Android Devices that are enrolled in AOSP Management support both Intune configuration policies and Intune compliance policies. While they aren't required for the devices to function properly, it's likely you want to use them on the Teams devices in your organization because they bring additional features, functionality, and security for your Teams devices.
AOSP management configuration policies
Currently, the only supported configuration policy for Teams Android Devices enrolled with AOSP Management is the Device Restrictions profile and only the “block screen capture” restriction inside of that profile. Support for more configuration policies is planned in the future.
Creating a AOSP Management Configuration Policy
These steps are specific to Teams Android devices. For non-Teams devices or for more information, please refer to the Intune guidance for setting up profiles:
Device restriction settings for Android (AOSP) in Microsoft Intune | Microsoft Learn
Sign in to the Intune Management Console with an account with Intune administrator permissions:
https://intune.microsoft.com/
.
Select
Devices
>
Configuration
.
Select
Create
>
New Policy
.
For
Platform
select
Android (AOSP)
.
Under
Profile
type select
Device Restrictions
, then select
Create
.
Provide a name and description for the policy, then select
Next
.
Under
General
set
Block screen capture
to
Yes
, then select
Next
.
Assign this profile to all devices or an Entra ID group of devices, select
Next
, then select
Create
.
AOSP Management Compliance Policies
There's currently a limited set of supported compliance policies for Teams Android Devices enrolled with AOSP Management but more are planned for in future releases:
Device Health
Rooted devices (Block).
Device Properties
Minimum OS version.
Device Properties
Maximum OS version.
System Security
Require encryption of data storage on device.
Creating a AOSP Management Compliance Policy
These steps are specific to Teams Android devices. For non-Teams devices or for more information, please refer to the Intune guidance for setting up profiles:
Android (AOSP) compliance settings in Microsoft Intune | Microsoft Learn
Sign in to the Intune Management Console with an account with Intune administrator permissions:
https://intune.microsoft.com/
.
Select
Devices
>
Compliance
, then
Create policy
.
Under
Platform
>
Android (AOSP)
, then select
Create
.
Provide a name and description for the policy.
Select
Next
.
Enable the desired compliance settings from the supported list.
Select
Next
, then select
Next
.
Assign this profile to all devices or an Entra ID group of devices.
Select
Next
, then select
Create
.
Step 3 - Deploy AOSP Management capable device firmware
Important
You might not be able to complete these steps because they depend if the AOSP Management firmware is available for your devices or not. However, you'll still need to complete the enrollment profile creation prior to following these steps.
During the second half of 2024, a new Team Android Device firmware version will be released that supports the migration to AOSP Management both for currently deployed devices and any new Teams devices. This firmware update will be available in the Teams Admin Center as a manual update to allow admins the time needed to slowly migrate their devices over to AOSP.
Updating devices
These steps provide the guidance for how to update your devices through Teams Admin Center:
Sign in to Microsoft Teams admin center with an account with Teams device administrator permissions:
https://admin.teams.microsoft.com/
.
Select
Teams
then
Devices
.
Select the desired device type.
Select the display name of the device you wish to update.
Select
Update software
.
Open
Manual updates
.
Select the new firmware update, then you can choose to
update immediately
or
during a maintenance window
.
Select
Update
.
Allow time for your device to update.
Once the device updates, it should automatically sign back in to Teams and function as normal.
Confirming the AOSP Management update is installed
Log in to Microsoft Teams admin center with an account with Teams device administrator permissions:
https://admin.teams.microsoft.com/
.
Select
Teams
, then select
Devices
.
Select the desired device type.
Select the display name of the device you wish to update.
Select
History
.
Look for a recent Software update action and confirm the status is
Successful
.
When it's successful, select the
Health
tab.
A 'Microsoft Intune App' and 'Authenticator App' should be listed under software type and
Up to date
this message confirms that the device is now running an AOSP Management capable firmware.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:
https://aka.ms/ContentUserFeedback
.
Submit and view feedback for
This product