Whether your company has been using mobile devices for years or is just implementing them in the workplace, it’s good to know how to manage them. Certain Microsoft 365 plans give you access to Intune (Microsoft Endpoint Manager) which lets you configure all devices. In this guide, I’ll show you how to deploy and configure Outlook for Android app. But before that, you’ll see how to pre-configure Intune to seamlessly deploy any Google Play Store app in your organization.
- Connecting a Managed Google Play account to Intune
- Installing Microsoft Outlook for Android app
- Configuring Microsoft Outlook for Android app
How to connect a Managed Google Play account
Configuring a Managed Google Play account is mandatory to enroll Android-powered devices in Intune. It also makes Google Play apps management much easier, e.g., you do not have to provide necessary app details every time you deploy it. Instead, you can simply choose it from the store using an intuitive GUI and decide if it will be available in the Company Portal App of enrolled devices or installed on them automatically.
Essentially, you have the full control of Android apps made available to your users, with some of them offering additional configuration of feature- and security-related options.
The process goes as follows:
- Log in to the Microsoft Endpoint Manager admin center with your global admin credentials.
- In the left-hand navigation menu, go to Devices > Enroll devices > Android enrollment, and click Managed Google Play.
- Grant the permission to send user & device information to Google and click the Launch Google to connect now button.
- If you don’t have a Managed Google Play account yet, click the Get started button and configure it. If you have one, simply use it to log in.
- Complete the standard account configuration, providing basic details such as first name, last name, ads preferences and so on.
- Once the account gets correctly connected to Intune, the status icon will change, as shown below.
Deploying the Outlook for Android app
In this section, you’ll learn how to add Outlook for Android to the app list in the Microsoft Endpoint Manager admin center and next assign the app to particular groups of users.
How to add the app to the Android app list in Intune
- Launch Microsoft Endpoint Manager admin center and go to Apps >Android in the left-hand navigation menu.
- Click the Add button. In the flyout window that opens on the right, choose Managed Google Play app from the App type drop-down menu, and click Select.
- You’ll be redirected to Google Play Store. In the search box, type ‘outlook’ and click the appropriate app icon among the found apps. Finally, click Approve to confirm adding the app as a managed one to Intune.
- Next, accept the app permissions by clicking Approve once again.
- Now, decide how to deal with future app permission requests and click Done.
- Finally, click Sync to start synchronization between your Managed Google Play account and Intune.
- Once the sync is complete, the app will appear on the Android apps list in the Microsoft Endpoint Manager admin center.
How to assign Outlook for Android to user groups
- Click the Microsoft Outlook app on the Android apps list (Apps > Android), select Properties in the left-hand navigation menu, and finally click Edit next to Assignments.
- There are several options that let you decide how the app will be assigned to selected groups. If you add groups under:
- Required, users from these groups will have the app installed automatically (only on devices enrolled in Intune).
- Available for enrolled devices, users from these groups will be able to install the app from Google Play Store via the work profile or through the Company Portal app (only on devices enrolled in Intune).
- Available with or without enrollment, users from these groups will be able to install the app through the Company Portal app (regardless of whether their device is or isn’t enrolled in Intune).
- Uninstall, users from these groups will have the app uninstalled automatically (applies only to devices enrolled in Intune).
- Once you’re done, click Review + save > Save to confirm. The app will start to install on the next sync between the assigned devices and Intune (usually a few minutes).
- To track the deployment, once again go to the Android apps list (Apps > Android), click the Microsoft Outlook app and select Overview in the left-hand menu. To get more details, click either Device install status or User install status.
Configuring Outlook for Android via Intune
To configure any app with Intune, you need to create an app configuration policy which allows you to adapt app’s settings to your needs. Once you save your policy, it will be applied to an app on both Intune enrolled and non-enrolled devices.
How to create app policy for mobile Outlook
- In the left-hand navigation menu, go to Apps > App configuration policies.
- Click the Add button, and the two following choices will appear:
- Managed devices – appropriate to apps for devices managed with Intune as mobile device management (MDM) provider. To use this option, an app should support an app configuration policy in Intune, which is true for Microsoft Outlook for Android.
- Managed apps – appropriate to apps designed to be integrated with Intune App SDK. In the Managed apps mode, you can manage apps on devices enrolled in 3rd party providers (other than Intune) as well.
- For our scenario, you should choose Managed devices – a wizard to create app configuration policy will launch.
- In the first step, configure the following options:
- Name for your app configuration policy.
- Platform – choose Android Enterprise.
- Profile Type – allows to choose enrollment type: whether to apply the policy to the devices enrolled as corporate-owned devices (Fully Managed, Dedicated, and Corporate-Owned Work Profile Only) or personally-owned too (Personally-Owned Work Profile Only).
- Targeted app – here you need to find and select the previously added Microsoft Outlook for Android app.
- The Settings step offers the following two groups of options:
- Configuration settings – lets you configure settings and permissions of an app.
- S/MIME – lets you configure Secure Multipurpose Mail Extensions for your users to send and receive digitally signed and encrypted messages.
In this guide, I’ll focus on configuring permissions and settings – click Configuration settings to expand it.
- When you click Add under Permissions, you can select permissions from a list to overwrite the default app permissions.
- Selected permissions will appear on the list below the Add button. Using the Permission state dropdown menu, you can force select a given permission’s state:
- Prompt – will prompt the user consent on accessing selected resource (e.g., on accessing device’s camera)
- Auto grant – automatically grants permission to an app.
- Auto deny – automatically refuses permission for an app.
- The next step is about choosing the format of app’s settings configuration. For the Configuration settings format option, you can choose either:
- Use configuration designer – the settings are configured with sliders and drop-down lists.
- Enter JSON data – the settings are configured in the JSON format.
Let’s choose the easier, GUI-based option (Use configuration designer) and set the listed options as follows:
- Focused Inbox – On – lets you divide mailbox into lists of more and less important messages.
- Suggested Replies – Off – when turned on, shows automatic reply suggestions.
- External Recipients MailTip – On – informs a user when they send an email to an external recipient (the setting affects data security, as it reduces the risk of an unintended data sharing outside the organization).
- Default app signature – Off – when turned on, adds the default signature to each message, e.g., ‘Get Outlook for Android.’
- Block external images – Off – when turned on, prevents users from viewing externally hosted images. It will not block embedded images, though.
- Sync Calendars – Off – when turned on, syncs Outlook calendar with the native calendar app.
Once you’re OK with the settings, click Next to go to the next step.
- Now, configure Scope tags, if you use them. The feature, for example, allows you to decide which admins in your organization will have access to each configuration or policy. Learn more
- In the Assignments step, you need to choose group(s) in your organization for which you want to apply the settings. The most obvious way of doing things is to apply the settings to the same users for whom you previously deployed the app. But nothing stands in the way to further narrow down the scope of assignment or assign the settings to all users or devices (here the Excluded groups section might come in handy).
- Review + create, the last step, lets you verify the entire configuration. If everything’s OK, click Create to start applying the settings to selected groups of users.
How to track the policy deployment
Similar to app deployment, Intune allows you to track the application of an app configuration policy as well. To check the application status, proceed as follows:
- Click the newly created policy on the list (Apps > App configuration policies).
- Select Overview in the left-hand navigation menu to display the general view of devices and users for whom the policy has already been applied. Here you can also see any potential error messages. To get more details, click either Device install status or User install status.
Once the settings are applied, they will be reflected when a user in your organization uses Microsoft Outlook for Android on their phone or tablet. For example, below you can see the External Recipients MailTip feature in action: when a user sends an email to external recipient, the tip with appropriate information is shown above the To field.
Do you guys do consulting on Intune setup? I have a question about using Managed Home Screen (MHS) on Android via Intune. I want to connect an Android device to a Wi-Fi Hotspot Portal but I have to exit kiosk mode to do so. Is there a way to remove that restriction?
I’m willing to pay for your services.
My company doesn’t have a Google (corporate) account. We do O365. But want our Android devices to get Outlook through the Intune portal. I thought this would be the way, as we get in a loop, of sorts, in that we click the Outlook download, but during configuration, it redirects us back to the Google Play store. I thought it was b/c people were using their personal Google Play account. I don’t see how to set this up, if we don’t have a Company Google presence. Thank for any info.
You need Managed Google Play Accounts. To learn more about this and how to set it up, it’s best to consult Managed Google Play Help