Microsoft recently announced that they have added Workplace Join support for Android devices. To enable that support, they have updated Android Azure Authenticator application that includes includes both Multi-Factor Authentication and adding a “Work Account” (the end-user facing term for an Azure AD Account) to Android devices.
The Android Work Account will register the device with the Azure AD Device Registration Service. Using devices registered with this service, you can configure conditional access policies to on-premises resources now. Also, Employees will also benefit from Single Sign-On (SSO) across all the mobile applications that use Active Directory Authentication Library (ADAL) to authenticate with AD.
Employees can install the Azure Authenticator app from the Google Play Store. Using the app, there are two ways to add create work accounts. The easiest is to go to the Accounts Settings and add an account by clicking “Work Account” on that page.
Azure Authenticator for Android application provides these two sign-in options:
Multi-Factor Authentication allows you to secure your work or school accounts with two-step verification. You sign-in using something you know (for example, your password) and protect the account even further with something you have (a security key from this app). The Azure Authenticator app notifies you of a pending two-factor verification request by displaying an alert to your mobile device. You need to simply view the request in the app and tap verify or cancel. Alternately, you may be prompted to enter the passcode displayed in the app.
Work Account allows you to turn your Android phone or tablet into a trusted device and provide Single Sign-On (SSO) to company applications. Your IT administrator may require you to add a work account in order to access company resources. SSO lets you sign in once and automatically avail of signing in across all applications your company has made available to you.