Microsoft Intune Can Now Tap Google Play Protect for Android Devices

The Microsoft Intune mobile management service can now include security protections for Android devices enabled by Google Play Protect services.

Google Play Protect, rolled out in May, is Google's rebranded trio of security protections for Android mobile devices. The service provides device-level and boot protections, an application checking service that uses machine learning for detecting unexpected app behaviors, plus protection capabilities for lost devices.

Intune users, as of Nov. 15, can turn on controls for Google Play Protect within the Intune management portal, according to Microsoft's announcement. It's enabled by two APIs and a service that checks security-provider communications channels. The "SafetyNet Verify Apps" API is used to check for malicious applications. The "SafetyNet Attestation" API is used for verifying hardware details, including a device's profile based on its hardware and software.

Google Play Protect options appear via Intune's "Android Compliance Policy" settings under "Device Health." Intune users can create a policy for Android devices that includes these options as a compliance check.

On the hardware attestation side, Google Play Protect has two options: "basic integrity" and "basic integrity and certified devices." The first option, basic integrity, looks for signs of "rooted devices, emulators, virtual devices, and devices with signs of tampering," according to Microsoft. The second option, basic integrity and certified devices, includes the basic integrity check while also verifying that the devices are unmodified and were certified by Google.

Organizations using Android Work Profiles (formerly known as "Android for Work") can turn on a "Threat Scan" function for Android devices to check the security of applications. It's done via the "Device Restrictions" setting in Intune under "System Security."

Google Play Protect solutions have been around for a while, but they may not offer the best protection. For instance, Sept. 2017 stats published by AV-Test showed that Google Play Protect 8.1 offered the worst protection among 21 Android security solutions tested.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Azure Active Directory ID Protection 'Refresh' Now Available

    Microsoft's enhancements to the Azure Active Directory Identity Protection service are now said to be "generally available" (GA), or ready for commercial use, per a Wednesday announcement.

  • Microsoft Releases Windows 10 Version 1909

    Microsoft on Tuesday announced the release of Windows 10 version 1909, a new operating system product that's also known as the "Windows 10 November 2019 Update."

  • November Microsoft Security Bundle Addresses 75 Vulnerabilities

    Of that number, 13 vulnerabilities are rated "Critical" to patch, while 62 vulnerabilities are deemed "Important."

  • The Future of Office 365 Pricing

    With a raft of new Office 365 features in the pipeline, Microsoft also seems ready to change the way it bills its subscribers. Will it replicate Azure's pay-per-use model, or will it look like something else entirely?

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.