Forum Discussion
Solved
Best practice for the managed Google Play Account in Intune/MEM
Hi All, I'm looking for some advice on the best practice for setting the first step of Android enrollment in Microsoft Intune/MEM. What is the best practice for security and management, when ...
There isn't a real, outlined best practices here.
You don't need a Exchange license per say, you could use this solution - https://msendpointmgr.com/2020/08/08/2-for-1-mail-enable-unlicensed-admin-accounts/
I would use one Professional account if possible, will be the easiest way
Thijs LecomteThanks for your answer !
This gmail account doesn't receive any email we need to check for MEM/InTune or Google Play ?
Can we change the password and add MFA for this account without breaking InTune integration ?
I have read that if we loose access to the Google Play account in InTune, to change this account with a new one, we need first retire all enrolled Android device and then enroll all devices. This will have a big impact for user, or there is a easier way to do this?
Thanks,
Hi
You don't really need the check emails, except if you would require approval for app updates maybe.
I haven't personally tried enabling MFA on the account. It's something to try out I guess.
You don't really need the check emails, except if you would require approval for app updates maybe.
I haven't personally tried enabling MFA on the account. It's something to try out I guess.
Thijs Lecomte When we want to use Android Zero-Touch, do we need to use the same account (Intune Google Play Account) or this can be 2 different account ?
Apparently Google is asking to use a professionnal account to access to Zero-Touch portal.
If we use a professional account, this account need also to have an Exchange Online licence always activated with an enabled mailbox ?
Thanks !
- Yeah, you can use a different account. They are essentially two different things
Thanks, but what will be the best practice for you, with Android Zero-Touch and Intune Google Play Account :
- Two Professional Accounts.
- Two Gmail Accounts (Apparently not recommended by Google : is asking to use a professionnal account to access to Zero-Touch portal).
- Two Accounts (1 Gmail & 1 Pro) : 1 gmail Account for Intune Google Play Account & 1 Professional Accounts for Android Zero-Touch
- One unique Professional Account. So only one ExO licence and one account to secure. Any disadvantage ?
If we use a professional account, this account need also to have an Exchange Online licence always activated with an enabled mailbox or we don't need a mailbox ?
Do you know if we use also iOS and Samsung Knox : Best practice will be to use one different account for each or the same for all ? (Google Play, iOS AppStore, Android Zero-Touch, Knox)
Thanks,
