Enable Microsoft Intune for Managed Android Devices

The Emburse Enterprise mobile app supports Microsoft Intune for Mobile Application Management (MAM) on Android devices. This integration enables your organization to apply Microsoft Intune app protection and compliance policies when the app runs on either company-managed devices or personally owned devices (BYOD), helping protect corporate data while maintaining a seamless user experience.

Android Enterprise Enrollment Comparison Table

| Scenario | Company Portal | Policies | Conditional Access | Notes |
|---|---|---|---|---|
| Fully Managed Device – Android Enterprise | Required | Device-level, App-level compliance | Yes | Full corporate ownership, no personal profile. |
| BYOD (Work Profile) – Android Enterprise (Personally Owned) | Required | Device-level (limited to work profile only), App-level compliance via Company Portal | Yes | User privacy model. Controls only inside the work profile. Cannot manage OS updates or personal profile. |

Users: Enroll Your Managed Android Device in Intune

Follow these steps to set up your device and install the Emburse Enterprise app.

  1. Install the Company Portal app from the Google Play Store.
  2. Open the Company Portal and sign in using your Microsoft account.
    a. Follow the on-screen setup instructions to complete enrollment.
  3. Once setup is complete, a work profile will be created on your device. This profile includes the Company Portal app and other system applications (e.g., Phone, Contacts).
  4. Open the Company Portal.
    a. At the bottom of the screen, select the Play Store option under the work profile.
    b. In the Managed Google Play Store, search for and install the Emburse Enterprise app.
  5. Open the Emburse Enterprise app. The first time you launch the app, a Microsoft sign-in screen displays.
  6. Sign in with your Microsoft credentials. The app will automatically register your account for the applicable App Protection Policy (APP) settings.
    a. Intune may take up to 30 seconds to verify your user account during the registration process.
  7. After successful registration, the Emburse Enterprise login screen displays. Sign in using your Emburse Enterprise credentials.

The Emburse Enterprise login system requires a browser to be installed on the device. For BYOD devices using a work profile, the browser must be part of that profile.

What Intune Does

Your company’s Intune policies may automatically:

  • Prevent copying or pasting sensitive data outside the app.
  • Encrypt or securely store company data on your device.
  • Require company-managed authentication for access.

Policies vary by organization and are controlled by your company’s IT team.

You can still use the app if your device is not managed through Intune, but corporate data protection policies will not apply.

Need Help?

If you experience sign-in issues or see messages such as “Admin approval required” or “This app must be managed by your organization,” contact your company’s IT department for assistance.

IT Administrators: Configure Intune Integration for Managed Android Devices

Below are the setup steps for enabling your organization’s Intune integration. For detailed Microsoft documentation, visit the Microsoft Intune Help Center.

Ensure a supported browser (e.g., Chrome or Firefox) is available in the Managed Google Play Store. To grant access, add the browser as a managed app through the Microsoft Admin Center following the same process used for the Emburse Enterprise app.

Step 1. Connect Intune to Managed Google Play (One-Time Setup)

  1. Open the Microsoft Intune Admin Center.
  2. In the left-hand navigation menu, select Devices.
  3. Choose Android, then select Enrollment.
  4. Select Managed Google Play.
  5. Choose Launch Google to connect now and complete the setup wizard.

Once connected, Intune can access and manage apps from Managed Google Play directly in the portal. You can then browse, sync, and deploy apps to enrolled Android devices.

Step 2. Add a Managed Google Play App

  1. In the Microsoft Intune admin center, from the left-hand menu, select Apps.
  2. Under Managed Apps by Platform, or in the Android submenu, select Create.
  3. For App Type, choose Managed Google Play app, then click Select. The Managed Google Play store will display within Intune.
  4. In the store window, search for Emburse Enterprise Intune, then select and approve it.
  5. Return to Intune and select Sync at the top of the page to import the app into your tenant.
  6. After syncing, select Refresh to display the app under All Apps. There may be a short delay before it displays.
  7. Assign Emburse Enterprise to the appropriate user or device groups.
    a. Select the app and select Properties → Edit (Assignments).
    b. Add one or more groups, then select Review + Save.

Notes

  • After you connect Managed Google Play, Intune may automatically add common Android Enterprise apps such as Company Portal.
  • If the Managed Google Play window does not appear in Intune, confirm that the connection is active by selecting Devices → Android → Android Enrollment → Managed Google Play.
  • After approving or selecting an app, always select Sync; the app will not appear in All Apps until the sync process completes.

Step 3. Add an App Configuration Policy for Managed Devices

  1. In the Microsoft Intune admin center, from the left-hand menu, select Apps.
  2. Choose Android, then select Configuration.
  3. Select Create → Managed Devices.
  4. Provide a name and, if desired, a description for the configuration policy.
  5. Configure the following settings:
    a. Platform: Select Android Enterprise.
    b. Profile Type: Choose All Profile Types (fully managed and BYOD).
    c. Targeted App: Select the Emburse Enterprise app, then select Next.
  6. Under Configuration Settings, select Intune MAM UPN and set the value to {{UserPrincipalName}}.
  7. Under Assignments, select the same user group(s) assigned to the app.
  8. Review your settings and select Create.

Step 4. Create an App Protection Policy (APP) for Android

  1. In the Microsoft Intune admin center, from the left-hand menu, select Apps.
  2. Choose Android, then select Protection.
  3. Select Create and complete the following fields:
    a. Name: Enter a clear, descriptive name for the policy.
    b. Description: (Optional) Add additional details or context.
    c. Platform: This will be set to Android automatically and cannot be changed.
  4. Under Target Policy, choose Selected Apps, then select + Add Custom App.
    a. Bundle/Package ID: com.emburse.mobile
  5. Configure Data Protection Settings according to your organization’s security requirements (e.g., encryption, data transfer restrictions, and cut/copy/paste controls).
  6. Assign the policy to the same group(s) as in previous steps.
  7. Review the configuration and select Create.

Configuration Key

If the Intune MAM UPN key is missing or misconfigured, the Emburse Enterprise app will launch in unmanaged mode and Intune policies will not apply.
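
A pre-rollout check for the failure mode described above, as an added example that is not part of the original article or of Emburse's or Microsoft's tooling. It audits the three objects from Steps 2 to 4 for a missing or literal MAM UPN value, an untargeted package, and groups that receive the app without the policies. The dictionary layout, the group names and the key name com.microsoft.intune.mam.IntuneMAMUPN are assumptions; the package ID is the one given in Step 4.

```python
# Added example: offline audit of the three Intune objects from Steps 2-4.
# The dictionary layout is hypothetical (not a real Intune export format);
# the key name below is an assumption, the package ID comes from Step 4.
MAM_UPN_KEY = "com.microsoft.intune.mam.IntuneMAMUPN"
UPN_TOKEN = "{{userprincipalname}}"  # compared case-insensitively (assumption)
PACKAGE_ID = "com.emburse.mobile"


def audit(app, config_policy, protection_policy):
    """Return findings; an empty list means the three objects line up."""
    findings = []
    value = config_policy.get("settings", {}).get(MAM_UPN_KEY)
    if value is None:
        findings.append("config: MAM UPN key missing, app will launch unmanaged")
    elif value.strip().lower() != UPN_TOKEN:
        # A literal address or mistyped token would not resolve to each user's UPN.
        findings.append(f"config: MAM UPN value {value!r} is not the UPN token")
    if PACKAGE_ID not in protection_policy.get("packages", []):
        findings.append(f"protection: {PACKAGE_ID} is not a targeted app")
    # Steps 3 and 4 say to assign the policies to the same groups as the app.
    app_groups = set(app.get("groups", []))
    for name, policy in (("config", config_policy), ("protection", protection_policy)):
        uncovered = app_groups - set(policy.get("groups", []))
        if uncovered:
            findings.append(
                f"{name}: groups get the app but not the policy: {sorted(uncovered)}"
            )
    return findings


# Constructed sample data (group names and values are made up).
APP = {"groups": ["Finance-Users", "Sales-Users"]}
GOOD_CONFIG = {"settings": {MAM_UPN_KEY: "{{UserPrincipalName}}"},
               "groups": ["Finance-Users", "Sales-Users"]}
BAD_CONFIG = {"settings": {MAM_UPN_KEY: "user@example.com"},
              "groups": ["Finance-Users"]}
PROTECTION = {"packages": [PACKAGE_ID],
              "groups": ["Finance-Users", "Sales-Users"]}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, audit(APP, cfg, PROTECTION) or "no findings")
```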
