In May 2019, then-United States President Donald Trump announced that Huawei, along with several other Chinese companies, was now on something called the Entity List. Companies on this list are unable to do business with any organization that operates in the United States.
This made life difficult for administrators, who still have to ensure that these devices can securely access corporate data while being managed. Because the Company Portal app is not available in the AppGallery, this blog aims to help you, as an administrator, configure your Intune environment for a better end-user experience when enrolling these devices.
Intune uses Google Mobile Services (GMS) to communicate with the Company Portal when managing Android devices. In the case of Huawei, these devices do not have access to GMS.
These devices will always try to enroll with Android Enterprise, but the enrollment fails because they have no access to GMS.
Therefore, these devices are enrolled with Android Device Administrator instead.
Limitations of Intune device administrator management when GMS is unavailable
Configure Enrollment device platform restrictions
First, we need to ensure that Huawei devices are “forced” to enroll with Android Device Administrator by adjusting the Enrollment device platform restrictions.
- Navigate to Microsoft Endpoint Manager admin center
- Navigate to Devices – Enroll Devices – Enrollment device platform restrictions.
- Select the policy you want to edit by clicking on the Name.
- Select Properties, then click Edit next to Platform Settings.
- Add HUAWEI in the Device Manufacturer field in the Android Enterprise Type.
This will BLOCK Huawei devices from enrolling with Android Enterprise.
- Save the policy.
Enrolling the device
- On the device, navigate to aka.ms/CompanyPortalAPK, then download and install the Company Portal app.
- Open the Company Portal and Sign In.
- Click Begin to start the enrollment.
- Click Continue on the privacy screen.
- Click Next on the permissions screen.
- Click Activate this device admin app.
- The device will now be enrolled.
Important
You will need to create the following policies to target the Android Device Administrator managed devices: Compliance Policies, Configuration Policies, Application Deployment.