The release of iOS 13 and Android 10 may necessitate a slew of changes to organizations' mobility management practices and policies.
IT professionals can use Microsoft Intune's in-depth enterprise mobility management (EMM) functions to manage both iOS and Android devices, but they must adjust to these changes. The latest Intune mobile device management features include zero-day support for both Android 10 and iOS 13, but there are some major differences between the mobility management options for iOS and Android.
Comparing Intune's Android and iOS management is like comparing apples and oranges: two completely different platforms, with different architectures.
Android 10 Intune management
Android 10 marks the deprecation of Device Administrator APIs from Android OS. Organizations that still use Device Admin mode alongside Intune to manage Android devices should start moving to Android Enterprise, if they haven't already.
Unfortunately, a switch to Android Enterprise will require existing users to reenroll their device into Intune EMM, which could cause logistical issues. This short-term inconvenience is well worth it, however, because Android Enterprise provides mobile admins with a consistent platform to manage many different devices. IT professionals can check to see which devices work with Android Enterprise on the Android Enterprise Recommended list.
Microsoft is also building on the native Android Management API instead of building its own Intune-specific agent from the bottom up. The benefit of this approach is Microsoft doesn't have to update its own API every time Android ships out new features. If Microsoft built its own API, it might run into issues every time Google tweaks the Android OS.
Intune mobile device management features for iOS 13
Over the past few years, Apple has moved more Intune mobile device management features exclusively to Supervised Mode. Intune admins who manage iOS 13 devices will need to enroll them in Supervised Mode to restrict personal app installation, limit iCloud data usage, and deploy other restrictions and protections.
The introduction of iOS 13 also means there are now three iOS device management methods in Intune. The two preexisting methods are Supervised Mode for corporate-owned devices and the company portal app method, which was the best option for BYOD until now. With iOS 13, Apple added a new user enrollment method, where a special partition separates the corporate data from the user's private aspects of the mobile device.
This new partitioned option for iOS means Intune admins will be able to manage the corporate space of the iOS device. This will lend itself perfectly to BYOD ownership. In this scenario, the Intune admin wouldn't be able to run a factory reset on the device or perform other management tasks that require control over the entire device.
End users who want to use their own iOS devices to access corporate data have been hoping for this new feature for quite a long time. For years, Intune and other EMM tools couldn't deliver this capability due to restrictions on iOS. But, now, Intune admins can provide this access without demanding full control over the device in return.