In-Depth Guide to Managing Android Updates with Microsoft Intune (2025)

By /

In-Depth Guide: Managing Android Updates with Intune Configuration Profiles and FOTA

Managing updates on Android devices is crucial for keeping your organization secure, compliant, and running smoothly. Microsoft Intune provides two main ways to manage Android OS and firmware updates: configuration profiles (system update settings) and Firmware-Over-the-Air (FOTA) deployments. Here’s a deep look at how these methods work, what options you have, and how to set them up.

What Are Android Update Policies?

Android update policies define how and when OS and firmware updates are applied on your devices. These policies are supported for Android Enterprise enrollment types—including Fully Managed, Dedicated, and Corporate-Owned Work Profile devices. You can use configuration profiles inside Intune for most settings, and pair with OEM-specific tools for firmware control.

Configuring Android System Updates with Intune

Device Restrictions Configuration Profile:

  • Go to the Intune Admin Center
  • Path: Devices → Android → Configuration profiles → Create profile
  • Select Platform: Android Enterprise
  • Profile type: Device Restrictions

Update Options:
You can choose how devices receive OS updates:

  • Device Default: Follows the device manufacturer’s behavior.
  • Automatic: Installs updates without any user interaction as soon as possible.
  • Postpone: Delay updates for up to 30 days. Handy if you want to prevent disruption but still enforce timely updates.
  • Windowed: Updates happen inside a defined maintenance window (for example, overnight or during non-peak hours).

To apply system updates automatically, devices typically need to be:

  • Connected to Wi-Fi
  • Charging
  • Idle

This ensures minimal disruption for end users.

Firmware-Over-the-Air (FOTA) Deployments

What is FOTA?
FOTA lets IT admins push firmware updates (security patches, new features, OEM enhancements) to devices wirelessly. This is especially useful on rugged or specialty devices from vendors like Zebra or Samsung.

FOTA Requirements:

  • Devices must be enrolled in Intune Plan 2 or Intune Suite
  • Supported OEM integration (for example, Zebra LifeGuard, Samsung E-FOTA)

FOTA Deployment Steps:

  1. Go to your OEM’s FOTA management portal (e.g., Zebra or Samsung Knox E-FOTA).
  2. Select the firmware version to deploy.
  3. Define the update schedule: deploy immediately or defer to a specified time.
  4. Set device requirements: must be on Wi-Fi, charging, or idle.
  5. Push the update and monitor the results in the OEM dashboard or through Intune if integrated.

Zebra LifeGuard for Android

Zebra LifeGuard extends the firmware support period and provides regular security patches for Zebra’s Android devices.

  • Security Patch Delivery: Gets Google and Zebra-specific patches.
  • OS Transition Support: Helps with updates across Android versions during extended support periods.
  • Over-the-Air Delivery: Works with Intune, so you can automate OTA firmware updates.
  • Update methods: Can be silent (in the background) or manual using Zebra tools.

Samsung E-FOTA

Samsung E-FOTA gives control over which firmware/OS versions are installed, essential for environment compatibility or compliance.

  • Version control: IT chooses the firmware or OS version to deploy.
  • Silent forced updates: No user involvement needed; updates just happen.
  • Scheduling: Set update times to avoid disrupting business.
  • Pilot testing: Deploy to test groups, then broad rollout.
  • Full EMM Integration: Works seamlessly with Intune for management and automation.

Deployment Workflow

Using Intune Configuration Profiles

  1. Configure Device Restrictions profile in the Intune Admin Center.
  2. Select the right device groups (fully managed, dedicated, etc.).
  3. Choose update strategy (automatic, postpone, maintenance window).
  4. Assign policy.
  5. Monitor deployment and compliance.

Using FOTA

  1. Use the OEM’s web portal or Intune’s OEMConfig integration.
  2. Pick your firmware version and target devices.
  3. Define schedule and requirements.
  4. Deploy and track updates using OEM dashboards or via Intune integration.

Monitoring and Reporting

  • Use Intune’s Reports to track compliance and update status of each device or group.
  • Use OEM dashboards for detailed FOTA deployment progress and troubleshooting.
  • Always confirm update settings on a device and check system update history for accuracy.

Key Points for Enterprise Readiness

  • Know the differences: OS updates (Intune profile) vs. firmware updates (FOTA/OEMConfig).
  • FOTA needs the right license and OEM support.
  • Each Android Enterprise enrollment type has its own capabilities—BYOD devices can’t be forced to update via policy.
  • Scheduling, maintenance windows, and postponement periods protect productivity.
  • Keep documentation for process auditing and troubleshooting.

Resources for Further Reading

With these tools, Microsoft Intune puts you in control of Android updates across your fleet—whether you need basic OS policy enforcement or robust, manufacturer-driven firmware deployments. This ensures better security, reduced downtime, and total policy control over your device ecosystem.

LinkedInCopyPinterestRedditTelegram

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by
Scroll to Top