A few months back, I told you that we added support for "Bring Your Own Device" scenarios in Active Directory when we turned on Workplace Join support for Windows 8 PCs and iOS devices.
Today I'm happy to let you know that we've added Workplace Join support for Android as well!
To enable that support, we've shipped our updated Android Azure Authenticator application, which includes both Multi-Factor Authentication and the ability to add a "Work Account" (the end-user facing term for an Azure AD Account) to Android devices.
Your employees can now add a Work Account on Android to securely register their Android device in Active Directory using our Workplace Join mechanism. This allows you, the IT admin, to require authentication of both the user and their device before the user is given access to sensitive resources.
Employees will also benefit from Single Sign-On (SSO) across all the mobile applications that use Active Directory Authentication Library (ADAL) to authenticate with AD.
The Android Work Account will register the device with the Azure AD Device Registration Service. Using devices registered with this service, you can configure conditional access policies to on-premises resources now.
We are in the process of adding policy support for all applications connected to Azure Active Directory, so these registered devices can also be used for the conditional access policies to AD connected cloud applications in the future.
See Azure AD Device Registration Overview and how to configure conditional access control policies for on-premises applications using Azure AD DRS for more details on how you can use this today.
With our strong partnership with Samsung, we have built better end user experiences for Work Account in this application for Samsung Android devices.
Employees can install the Azure Authenticator app from the Google Play Store. Using the app, there are two ways to add work accounts. The easiest is to go to the Accounts Settings and add an account by clicking "Work Account" on that page.
They can also do this directly from within the app, using the context menu on the right and picking "Work Account".
They will be asked to sign in with their Azure AD account.
If you have configured the Azure AD Device Registration Service to require MFA, they will of course be prompted for multi-factor authentication. We highly recommend that you turn on this configuration.
For more details on the Azure Authenticator app, you can go here. I hope you'll download the app and give it a try. It's really pretty cool.
And as always, we're looking forward to any feedback and suggestions you have!
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity and Security Services Division