Android 8.0 (“O”) behaviour changes and Microsoft Intune


Intune has announced day 0 support for Android 8.0 (code named "O").  You can be confident that once your users upgrade to the released version of Android O, Intune's device and app management features will continue to work seamlessly.  This applies to all facets of Android management with Intune including work profile management, non-work profile management, and App Protection Policies. The only thing you need to do is update to the latest version of the Company Portal, which is available now in the Play Store.

That said, there are two behaviour changes to be aware of.

Unknown Sources permission has moved

If you're managing MDM-enrolled Android devices but you're not using a work profile (i.e., Android for Work) then you need to enable Installation from Unknown Sources in order to install line-of-business APKs.  In an effort to increase security, Google has introduced a behavior change in Android O that changes where this setting is.  On prior versions, it used to be a device-wide setting.  On O, each individual app has its own "Install unknown apps" permission.  You can still successfully install line-of-business APKs just as you did before, you just need to go to a different place to turn it on.  End users will be guided through the flow of enabling this permission for Company Portal if they try to install a line-of-business APK that you deploy to them.

Where it was prior to Android O, under Settings > Security

 

Where it is in Android O, under Settings > Apps & notifications > Special app access > Install unknown apps > Company Portal

 

 

Block apps from unknown sources compliance setting does not work on Android 8.0

Due to the fact that the unknown sources setting has been moved from a device setting to a per-app permission, it’s no longer possible for Company Portal to detect whether this permission has been granted at the device level.  As a result, this compliance policy will not work on Android O:

 

Intune Azure portal UI:

 

Intune hybrid/SCCM UI:


Comments (1)

  1. And how does this affect the Hybrid environment versions? Will we have to migrate again?

Skip to main content