Microsoft Integrates Intune with Google for Android Security

Intune, Microsoft's mobile management service, can now tap Google Play Protect to deliver security protections to Android devices.

Released in May, Google Play Protect is Google's rebranded trio of security protections for Android mobile devices. The service provides device-level and boot protections, an application checking service that uses machine learning for detecting unexpected app behaviors, plus protection capabilities for lost devices.

Starting this week, Intune users can turn on controls for Google Play Protect within the Intune management portal, according to Microsoft's announcement. It's enabled by two APIs and a service that checks security-provider communications channels. The "SafetyNet Verify Apps" API is used to check for malicious applications. The "SafetyNet Attestation" API is used for verifying hardware details, including a device's profile based on its hardware and software.

Google Play Protect options appear via Intune's "Android Compliance Policy" settings under "Device Health." Intune users can create a policy for Android devices that includes these options as a compliance check.

On the hardware attestation side, Google Play Protect has two options: "basic integrity" and "basic integrity and certified devices." The first option, basic integrity, looks for signs of "rooted devices, emulators, virtual devices, and devices with signs of tampering," according to Microsoft. The second option, basic integrity and certified devices, includes the basic integrity check while also verifying that the devices are unmodified and were certified by Google.

Organizations using Android Work Profiles (formerly known as "Android for Work") can turn on a "Threat Scan" function for Android devices to check the security of applications. It's done via the "Device Restrictions" setting in Intune under "System Security."

Google Play Protect solutions have been around for a while, but they may not offer the best protection. For instance, Sept. 2017 stats published by AV-Test showed that Google Play Protect 8.1 offered the worst protection among 21 Android security solutions tested.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Touting Azure for Operators, Microsoft Joins SDN Standards Group

    As part of its Azure for Operators program, Microsoft this week joined a nonprofit standards association that focuses on SDN technologies used by enterprises and service providers.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Pilot Begins of Microsoft Teams-Salesforce CRM Integration

    A new capability that lets Microsoft Teams users access information from the customer relationship management (CRM) platform debuted this week.

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.