Data Intune sends to Google
When Android enterprise device management is enabled on a device, Microsoft Intune establishes a connection with Google and shares user and device information with Google. Before Microsoft Intune can establish a connection, you must create a Google account.
The following table lists the data that Microsoft Intune sends to Google when device management is enabled on a device:
|Data sent to Google||Details||Used for||Example|
|EnterpriseId||Originated in Google upon binding your Gmail account to Intune.||Primary identifier used to communicate between Intune and Google. This communication includes setting policies, managing devices, and binding/unbinding of Android enterprise with Intune.||Unique identifier, Example format: LC04eik8a6|
|Policy Body||Originated in Intune when saving a new app or configuration policy.||Applying policies to devices.||This is a collection of all configured settings for an application or configuration policy. This can contain customer information if provided as part of a policy, such as network names, application names, and app-specific settings.|
|Device Data||Devices for Work Profile scenarios begin with enrollment in Intune. Devices for Managed device scenarios begin with enrollment into Google.||Device Data information is sent between Intune and Google for various actions such as applying policies, managing the device and general reporting.||Unique identifier to represent Device Name. Example: enterprises/LC04ebru7b/devices/3592d971168f9ae4
Unique Identifier to represent User Name. Example: Enterprises/LC04ebru7b/users/116838519924207449711
Device state. Examples: Active, Disabled, Provisioning.
Compliance states. Examples: Setting not supported, missing required apps
Software Info. Examples: software versions & patch level.
Network Info. Examples: IMEI, MEID, WifiMacAddress
Device Settings. Examples: Information on encryption levels & whether device allows unknown apps.
See below for an example of a JSON message.
|newPassword||Originated in Intune.||Resetting device passcode.||String representing new password.|
|Google User||Managing the work profile for Work Profile (BYOD) scenarios.||Unique identifier to represent the linked Gmail account. Example: 114223373813435875042|
|Application Data||Originated in Intune when saving application policy.||Application Name string. Example: app:com.microsoft.windowsintune.companyportal|
|Enterprise Service Account||Originated in Google upon Intune request.||Used for authentication between Intune and Google for transactions involving this customer.||There are several parts:
Enterprise Id: documented previously.
UPN: generated UPN used in authentication on behalf of customer.
Key: Base64 encoded blob used in auth requests, stored encrypted in the service, but this is what the blob looks like:
Unique Identifier to represent the customer’s key
To stop using Android enterprise device management with Microsoft Intune and delete the data, you must both disable the Microsoft Intune Android enterprise device management and also delete your Google account. Refer to Google account how to perform account management.
Send feedback about: