Troubleshooting Android Enterprise device enrollment in Intune
This article helps administrators understand and troubleshoot common scenarios when enrolling Android Enterprise devices in Microsoft Intune. See Troubleshoot device enrollment in Microsoft Intune for additional, general troubleshooting scenarios.
This is expected behavior. You must manually trigger a sync.
This is expected behavior. You can't turn off encryption: Google requires that the device be encrypted to create a work profile.
Although your device may meet the Android Enterprise and OS version requirements for a personally owned work profile, you may still experience this issue due to an existing profile on the device or OEM restrictions.
To check if the device has an existing work profile, go to Settings > Passwords & accounts > Work. If a work profile isn't expected, remove it and try enrolling again. The setting's location may vary depending on the device manufacturer.
To check if the device can create a sample work profile, install the Test DPC app from the Google Play Store and follow the setup instructions. If the Test DPC app fails to create a work profile, contact the device manufacturer for more details on work profile support.
This is expected behavior. In the work profile scenario, the MDM provider doesn't have full control over the device. The only option available is Retire (Remove Company Data), which removes the whole work profile and all its contents.
Wipe is supported for Android Enterprise corporate-owned with work profile devices.
For personally owned work profile enrolled devices, you can only reset the work profile passcode on devices running Android 8.0 or later if the following conditions are met:
- The work profile passcode is managed.
- The device user has allowed you to reset it.
For corporate-owned work profile enrolled devices, you can only reset the work profile passcode. For Android Enterprise dedicated devices and fully managed devices, device passcode reset is supported.
In some cases, the enrollment checklist may not be displayed as expected when users launch the Company Portal app.
If users aren't seeing the enrollment checklist, they can navigate to it. To bring up the enrollment checklist, tap on the notification bell in the upper-right corner of the Company Portal app and then tap the notification.
The Microsoft Launcher app is the default launcher app on Duo devices, so the app icon has been hidden from the apps list and in the personal and work Google Play stores. This will be fixed in a coming update.
When an unenrolled user tries to access corporate data in an app protected by conditional access (CA), the user is guided to enroll their device. During this enrollment flow, the Microsoft Edge app is launched to open the Company Portal website. In some cases, the Microsoft Edge app may prompt the user to sign in to Microsoft Edge, which diverts the user from the enrollment flow.
To avoid this entirely, tell users to enroll in the Company Portal before trying to access their organization's data. If a user does try to access their organization's data before enrolling and Microsoft Edge prompts them to sign in, they should skip the Microsoft Edge sign-in step to proceed with the enrollment flow. Users can always initiate enrollment in the preinstalled Company Portal app.
Google releases service announcements containing details about issues that may impact Android Enterprise management. Follow the instructions to subscribe and receive notifications for new posts.
Third-party contact disclaimer
Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.