Android emulation for endpoint Manager Admins

As every IT Pro knows, when you are working with managing devices its always best to have access to physical hardware for testing and playing around with. Many of us are use to having a bunch of virtual machines running windows on but what about Android ? In this article I will cover how to get one or more android devices running with Android studio in their Android Virtual Device Manager and some of the quirks and problems I encountered and how I solved them.

As mentioned above, it’s always best to have access to physical hardware but some times that’s not possible and the next best thing might be to run emulation. Or if you just want to start playing around with managing Android with Endpoint Manager in a lab environment this could be an option for you.


First thing we need to do is to head over to and download Android studio.

Running Android studio for the first time

  • Run Android studio
  • Open up AVD Manager
    • Either by clicking on the AVD Icon in the top right corner
    • you can also run AVD Manager from Tools -> AVD Manager

Click on “Create Virtual Device”

Here you can choose from a bunch of google devices, select the one want.

On the next selection you need to select a Image to use, you can choose from many different Android version. Not all version are installed by default and this means you need to click on “Download” before you continue.

Note. If you choose a Image that says “Google APIs” you don’t get the Google play store in the Image. If you want the Google play store, make sure to select a Image that says Google Play.

Give your AVD a Name and click on “Finish”

You have no created your device, next step is to start it up.

The play button in the action section runs the device (but does not start it), the pen gives you the option to edit and the down arrow gives you a few different options.

Start your Android device by clicking on the Power button on the top right corner of the device

Internet and Wifi

I had some problems getting the Wifi to connect on the AVD device to the Internet when I first started out. After some troubleshooting and a lot of trial error I got it to work and here are a few of the things I had to do to get it to work:

  • On the PC the AVD is running on, connect to Wifi and disconnect the cabled network
  • Add Google DNS in the network settings for the Wifi
  • In the proxy settings on the virtual device – have it set to “Use Android studio HTTP proxy settings”
  • Reboot the virtual device and reboot the physical machine your are running AVD on.

You now have your first virtual Android device up and running and time to play around with it.

Endpoint manager enrollment

With Android Enterprise and Endpoint manager you have essentially 4 different enrollment scenarios

  • Personally-owned devices with work profile
  • Corporate-owned dedicated devices
  • Corporate-owned fully managed user devices
  • Corporate-owned devices with work profile

To get our virtual / emulated devices enrolled there are some limitations when performing the actual enrollment. In the real world we would typically use Google Zero Touch, NFC or QR-code scanning but here we cant do that (at least at time of writing this blog post I havent found a way to do Zero touch, NFC or QR-scannig) however there are work arounds which I will cover next.

Lets start with the simplest one that would be the same as in the real world

Personally-owned device with work profile

This scenario works just like it would do in physical hardware. The end user downloads company portal from the Google play store, logs in and enrolls the device. Easy-peasy.

Corporate-owned enrollment

This step is the same for all the 3 different corporate-owned enrollment types when working with our virtual devices. In short, all of these 3 types requires a token. This token can be found in the Endpoint Manager portal once you created them. The token contains letters that we need to use. For example ABCDEFG

Copy the token or write it down, we will need the token to perform the enrollment on our virtual device. Follow the instruction below

  1. Create your virtual Android device in AVD
  2. Start it up for the first time
  3. Make sure your device has internet access
  4. Open up Chrome on the device
  5. Use the following link and insert your own token within the link

Follow the Instructions that appears.

Final thoughts

The way I’ve done it, is that I’ve created one virtual device for each scenario and enrolled them in to Endpoint Manager.

In AVD it looks like this:

And in Endpoint manager it looks like this:

During the time I’ve been working with these virtual devices there have been several times I had to reboot a device and sometimes I just had to recreate it because something was not working properly. But regardless I’m still really happy that this is a possibility but I can’t stress the importance of having physical hardware to work with. Virtual devices is good in a lab environment.

Don’t forget to follow me on twitter @timmyitdotcom


  1. Great article ! But when using fully managed scénario with Android studio i have an error saying “IT admin does not allow work profile”. No restrictions are set in Intune. Any ideas?

    1. So from the error message it sounds like there’s a device enrollment restriction in place. Have you allowed Android Enterprise enrollment ? Or are you only allowing Android device admin enrollment ?

      1. Both are allowed in device restrictions. I tried multiple time with android studio and fully managed but with no success

      2. Yes, in device restrictions both are allowed. I tried multiple time with android studio without success.

      3. Yes I did but when i try to launch the enterprise URL that you’ve mentionned i am unable to enroll the device. My tenant does not contain any restriction. Did you set specific parameters when created your android emulator ?

      4. No customization was done to the device in AVD, I just selected the device as shown in the article and then select the image that contains google play store. The only thing I can think of that I have in my tenant is that I have blocked device admin and only allows Android Enterprise for enrollment. Maybe try that ?

        Also, make sure your enrollment token is correct and added correctly in to the URL.

  2. Yes I did but when i try to launch the enterprise URL that you’ve mentionned i am unable to enroll the device. My tenant does not contain any restriction. Did you set specific parameters when created your android emulator ?

  3. Great article! What is your experience with the enrolment as dedicated device? In Intune the device OS is Android (dedicated) and I assigned a single app device restriction profile, but the result is a mix of greyed-out apps and personal apps that are still visible. Now I’m not sure if this is caused by a bad config or because it ‘s a virtual device?

  4. Anyone figured a way to enroll Fully managed devices? I have the exact same scenario

  5. I have the same issue – i cannot attach the debugger to a app running in the work profile when joining via the company portal app – and i cannot enroll a “Corporate-owned fully managed user device” – any ideas

Leave a Reply