Welcome to Setting Up Android Enterprise Dedicated Device Enrollment. Organization-owned single-purpose kiosk-type devices that are used for things like digital signage, ticket printing, and inventory management are supported by Android Enterprise.

Using Android Enterprise Dedicated Device Enrollment, you can lock down these kinds of devices to specific apps, including web apps. By locking these devices down, you can prevent users from adding their own, unapproved, apps to them and you can prevent them from taking actions on them, unless you explicitly approve them.

You can enroll these kinds of devices in Intune in two different ways. A device like this can be enrolled as a standard Android Enterprise dedicated device, or it can be enrolled as a standard Android Enterprise dedicated device that’s automatically set up with Microsoft's Authenticator application configured into Azure AD Shared device mode during enrollment.

Standard Android Enterprise dedicated devices are enrolled in Intune without a user account, meaning they are not associated with any particular user. This is because these kinds of kiosk-style devices are generally not intended for personal use applications, nor for apps that require user-specific account data like Outlook email or Gmail.

A standard Android Enterprise dedicated device that is automatically set up with Microsoft's Authenticator application configured into Azure AD Shared device mode during enrollment is also enrolled in Intune without a user account. It, too, is not associated with any particular user. Devices enrolled in this fashion are meant to be used with apps that are integrated with Azure AD's Shared device mode to allow for single sign-in and single sign-out between users across participating applications.

Regardless of which option you choose, Intune helps simplify the deployment of applications and settings to Android Enterprise dedicated devices. 

Now, it’s important to note that in order to be managed as an Android Enterprise dedicated device, a device needs to meet certain requirements. More specifically, such devices must run Android OS version 6.0 and above, and the device must run a distribution of Android that has Google Mobile Services (GMS) connectivity. The device needs to have GMS available, and it must be able to connect to GMS.

To enable Android Enterprise dedicated device management, you need to first set the mobile device management (MDM) authority to Microsoft Intune. Once you’ve done this, you need to Connect your Intune tenant account to your Managed Google Play account. The URL on your screen provides step-by-step instructions for this:

Once you’ve connected your Intune tenant to your Managed Google Play account, you can create your enrollment profile, which allows you to enroll your dedicated devices. When the enrollment profile is created, you receive an enrollment token and a QR code. You can use either or to enroll the dedicated device, depending on the Android OS and version of the device.

The next step is to create a device group. Using a device group, or multiple device groups, allows you to target apps and policies to groups of devices.

And then, lastly, you can enroll the dedicated devices. During enrollment, the Microsoft Intune app is automatically installed on the dedicated devices. It’s important to note that the Microsoft Intune app is required for enrollment, and it can’t be uninstalled. 

The Microsoft Authenticator app will also automatically be installed during enrollment if you are using the token type Corporate-owned dedicated device with Azure AD shared mode. This app is also required for this enrollment method, and it cannot be uninstalled.