Microsoft Integrates Intune with Google for Android Security

Intune, Microsoft's mobile management service, can now tap Google Play Protect to deliver security protections to Android devices.

Released in May, Google Play Protect is Google's rebranded trio of security protections for Android mobile devices. The service provides device-level and boot protections, an application checking service that uses machine learning for detecting unexpected app behaviors, plus protection capabilities for lost devices.

Starting this week, Intune users can turn on controls for Google Play Protect within the Intune management portal, according to Microsoft's announcement. It's enabled by two APIs and a service that checks security-provider communications channels. The "SafetyNet Verify Apps" API is used to check for malicious applications. The "SafetyNet Attestation" API is used for verifying hardware details, including a device's profile based on its hardware and software.

Google Play Protect options appear via Intune's "Android Compliance Policy" settings under "Device Health." Intune users can create a policy for Android devices that includes these options as a compliance check.

On the hardware attestation side, Google Play Protect has two options: "basic integrity" and "basic integrity and certified devices." The first option, basic integrity, looks for signs of "rooted devices, emulators, virtual devices, and devices with signs of tampering," according to Microsoft. The second option, basic integrity and certified devices, includes the basic integrity check while also verifying that the devices are unmodified and were certified by Google.

Organizations using Android Work Profiles (formerly known as "Android for Work") can turn on a "Threat Scan" function for Android devices to check the security of applications. It's done via the "Device Restrictions" setting in Intune under "System Security."

Google Play Protect solutions have been around for a while, but they may not offer the best protection. For instance, Sept. 2017 stats published by AV-Test showed that Google Play Protect 8.1 offered the worst protection among 21 Android security solutions tested.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Previews Whiteboard Support in Teams Rooms Devices

    A preview of a new Microsoft Teams Rooms feature will enable organizations to use images of physical whiteboards as a dynamic space for videoconferencing.

  • 2019 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss this year.

  • Microsoft Warns of Heightened Threat of 'BlueKeep' Attacks

    Older Windows systems using Microsoft's Remote Desktop Services are at acute risk of remote code execution attacks due to the "BlueKeep" vulnerability.

  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.