|Applies to: Intune in the classic portal|
|Looking for documentation about the Intune Azure portal preview? Go here.|
You deploy apps to Android for Work devices in a different way than you deploy them to standard Android devices. All apps you install for Android for Work come from the Google Play for Work store. You log into the store, browse for the apps you want, and approve them. The app then appears in the Volume-Purchased Apps node of the Intune console. From here, you can manage deployment of the app in the same way you would deploy any other app.
Additionally, if you have created your own line of business (LOB) apps, you can deploy them. To do that, you need to sign up for a Google Developer account which lets you publish apps to a private area in the Google Play store and then synchronize them with Intune.
Before you start
- Make sure you have configured Intune and Android for Work to work together in the Admin tab of the Intune console.
Synchronize an app from the Google Play for Work store
- Go to the Google Play for Work store. Sign in with the same account you used to configure the connection between Intune and Android for Work.
- Search the store for the app you want to deploy using Intune.
- On the page for the app you chose, choose Approve. In this example, you have chosen the Microsoft Excel app.
- A window for the app opens asking you to give permissions for the app to perform various operations. You must choose Approve to continue.
- After a moment, you'll see a confirmation message that the app has been approved and is available in your IT admin console.
Publish, then synchronize, a line of business app from the Google Play for Work store
- Go to the Google Play Developer Console, play.google.com/apps/publish.
- Sign in with the same account you used to configure the connection between Intune and Android for Work. If you are signing in for the first time, you must register, and pay a fee to become a member of the Google Developer program.
- In the console, choose Add new application.
- You upload and provide information about your app in the same way as you publish any app to the Google Play store. However, you must select the setting Only make this application available to my organization (<organization name>) as shown below.
This ensures that the app is only available to your organization, and is not available in the public Google Play store. For more information about how to upload and publish Android apps, see the Google Developer Console Help.
- Once you have published your app, go to the Google Play for Work store. Sign in with the same account you used to configure the connection between Intune and Android for Work.
- In the Apps node of the store, verify you can see the app you have published. Note that it has been automatically approved to be synchronized with Intune.
Deploy an Android for Work app
If you have approved an app from the store and don't yet see it in the Volume-Purchased Apps node of the Apps workspace, you can force an immediate sync as follows:
- In the Intune administrator console, choose Admin > Mobile Device Management > Android for Work.
- On the Android for Work Mobile Device Management Setup page, choose Sync Now.
- The page also displays the time and status of the last sync.
When the app is displayed in the Volume-Purchased Apps node of the Apps workspace, you can deploy it just like you would any other app. You can deploy the app to groups of users only. Currently, you can only select the Required and Uninstall actions.
The ability to deploy an app as Available leverages the new grouping and targeting experience. Newly provisioned Intune service accounts will be able to use this feature upon release. Existing Intune customers can use this feature once their tenant has been migrated to the Intune Azure portal. Existing customers are welcome to create a trial Intune account to plan for and test this feature until their tenant has been migrated.
After you deploy the app, it will be installed on the devices you targeted. The user of the device will not be asked for approval.
Manage app permissions
Android for Work requires you approve apps in Google's managed Play web console before syncing them to Intune and deploying them to your users. Because Android for Work allows you to silently and automatically push these apps to users' devices, you must accept the app's permissions on behalf of all your users. End users will not see any app permissions when they install, so it's important that you read and understand these permissions.
When an app developer publishes a new version of the app with updated permissions, those permissions are not automatically accepted, even if you've approved the previous permissions. Devices that running the old version of the app can still use it, but the app won't be upgraded until the new permissions are approved. Devices without the app installed cannot install the app until you approve the app's new permissions.
How to update app permissions
You should periodically visit the managed Google Play console to check for new permissions. If you deploy an app and observe it isn't installed on devices, check for new permissions with the following steps:
- Visit http://play.google.com/work
- Sign in with the Google account you used to publish and approve the apps.
- Visit the Updates tab to see if any apps require an update. Any listed apps require new permissions and won't deploy until they are.