BYOD Basics: Enabling Android in the Workplace via the Azure Authenticator App

Enabling Android in the workplace has always been a challenge for most IT Professionals.  Aside from the advancements made by certain OEMs in regards to security, fragmentation of the OS offering is ailment most cannot solve.  Coupled with Microsoft Intune or other MDM software, some piece of mind can be achieved. Do remember however that security is in the eye of the beholder. While there is no 100% certainty that any OS and/or device is completely secure, steps taken can at least make it very difficult to access the data that presides on said OS/device.

To truly enable the best security possible, one must consider securing the identity of the individual using said Android device rather than simply securing the device itself. Once an organization has extended their on premise Active Directory implementation via sync or federation to Azure Active Directory, IT administrators can enable Microsoft’s Azure Authenticator for Android offering which provides two tools to further secure the identity of the user using the device.
 
Work Account - Android phones or tablets are enabled as a trusted device and provide Single Sign-On authentication to IT governed company applications.

Multi-Factor Authentication – The user is notified via the Azure Authenticator app of a pending two-factor verification request.  An alert displayed on said mobile device highlights the request in the app in which the user may then be prompted to enter the passcode displayed in the app.

The Azure Authenticator App for Android can be downloaded via the Google Play Store.

Once installed, the user can add their work account via the Azure Authenticator app home screen.

1. To start this process, first click the context menu on the right and select Work account.
    
    
    
2. Select Work Account on the Add Account screen.
    
    
    
3. Click Activate on the Activate device administrator screen.
    
    
    
4. Next select the checkbox acknowledging that the policy is understood and click Confirm on the Privacy Policy screen.
    
    
    
5. Enter the UserID provided by your organization on the Workplace Join screen and click Join.
    
   
    
6. Enter the organizational account and password to sign in to the Azure Authenticator app and click Sign in.
    
   
    
7. Information is then displayed regarding if multi-factor authentication has been added. Instructions are provided to further verify your account.
    
   
    
8. Once completed, the following screen will be displayed highlighting the account that was successfully joined.