Device Compliance - Android

The following requirements must be met on any device running the Android operating system (OS) for the device to be considered compliant.

  • Device must be enrolled in Intune
  • Device cannot be "rooted" 1)
  • Device PIN is required, minimum 4 characters long
  • Minimum OS version is 11.0
  • Encryption of data storage on the device is required (BYOD excluded for now)
  • Google Play Services must be configured
  • Company Portal app runtime integrity is required 2)
  • Threat scan on apps is required (i.e. Android's "Verify apps" feature must be enabled)
  • Apps from unknown sources cannot be installed
  • USB debugging on the device is not allowed
  • Up-to-date security provider is required (BYOD excluded for now)
  • Basic integrity and device integrity checks are required

NOTES

1) Rooting an Android device means acquiring root access, which grants the user elevated, administrator-level privileges over the operating system. While rooting provides more control, it is not recommended for most people as the risks outweigh the benefits.

2) The Company Portal app should be installed on Android devices enrolled in Intune. It is a central hub for accessing company resources, apps, and policies. Runtime integrity ensures that the Company Portal app meets specific requirements related to its runtime environment and installation. By enforcing runtime integrity, we can ensure that the Company Portal app functions correctly, securely, and without any unauthorized modifications. It helps protect organizational resources by ensuring that only properly configured and authorized versions of the app are used.

Details

Article ID: 151330
Created: Thu 11/2/23 9:29 AM
Modified: Thu 2/22/24 6:27 PM
