This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 15%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Good Afternoon,
I work in a large organization and am looking for a better solution for setting up user Android mobile devices. Currently, we use fully managed device enrollment through Intune, which requires either resetting user passwords or asking users for their passwords during setup. This approach raises security concerns.
We have attempted a "bring your own device" setup, but this does not provide the level of management we need.
I would appreciate any guidance or solutions you can provide that would allow us to implement a secure, user-friendly, and fully managed device setup process. This information will be used to propose a better approach to our management team.
TIA JW
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@JW,Thanks for posting in Q&A.
Based on the official document, there are some Android device enrollment methods you can refer to.
BYOD: Android Enterprise personally owned devices with a work profile
Android Enterprise corporate owned dedicated devices (COSU)
Android Enterprise corporate owned fully managed (COBO)
Android Enterprise corporate owned work profile (COPE)
Android Open Source Project (AOSP)
Android device administrator (DA)(deprecated)
https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-android
And after the research, Android Enterprise fully managed, Android Open Source Project and Android Enterprise corporate owned work profile are both requires either resetting user passwords or asking users for their passwords during setup.
Android Enterprise corporate owned dedicated devices, the only purpose is to be a kiosk-style device. They aren't associated with a single or specific user. These devices are commonly used to scan items, print tickets, get digital signatures, manage inventory, and more.
So, it is suggested that you consider Android Enterprise corporate owned fully managed or Android Enterprise corporate owned work profile, although these two methods require a password during the setup process, they are still more convenient and secure than other registration methods.
Hope above information can help you.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@JW, Hope you have a nice day.
I am writing as a courtesy to follow up on this ticket. May I know the status from your side please? Please feel free to let me know if you have any concerns.