Android 12 was announced at Google I/O 2021 in May of this year, promising significant overhauls of the Android platform from design to privacy. In this post, we’ll highlight some noteworthy changes that you should be aware of, and we’ll share some of what we’ve found from testing the latest beta builds of Android.
Our Microsoft Endpoint Manager app protection policy (APP) and mobile device management (MDM) teams have been hard at work making sure Microsoft Intune customers are supported on the new OS release. Most APP and MDM scenarios will continue to be fully compatible with Android 12. However, Google is making some significant changes in Android 12 that affect management capabilities available to Intune.
As we approach the official release of Android 12 later in the year (historically the major Android OS releases are often in late Q3/early Q4 of the calendar year), we will continue to update this blog post as we discover new items in our beta testing. We also encourage you to read through Google’s Android 12 change documentation to identify other changes that may be relevant to your organization. Keep us posted on what APP and MDM learnings you find from your beta testing too!
Removal of serial number, IMEI, and MEID on personally-owned work profile devices
Google is removing the ability for apps to access hardware identifiers on personally-owned work profile devices. The impacted hardware identifiers are serial number, IMEI, and MEID. For more information, see the Google developer documentation.
The removal affects the following workflows in the Endpoint Manager admin center for personally-owned Android Enterprise with work profile devices running Android 12:
- Serial number, IMEI, MEID and will no longer be visible in the Endpoint Manager admin center.
- Serial number and IMEI can no longer be used to identify devices as corporate.
- Certificates will fail to deploy if you use serial number, IMEI, or MEID variables in the subject and SAN of the certificate profile and the value is not populated. This may impact downstream systems that rely on these values in the subject and SAN of certificates.
- Network access control with certain NAC providers and third-party VPN providers may be affected. This may impact the ability of enrolled devices to connect to a corporate network. More information is coming soon in an upcoming article.