Android Restrictions - Android Configurations | ManageEngine Mobile Device Manager Plus

Android Configurations and Restrictions

With ManageEngine MDM providing a whole suite of options for Android device management, there are high chances you might not know what is the most ideal option for enrolling Android devices. Here, we'll see what are the various options for managing Android devices available in MDM.

The most common parameters used for selecting the optimal enrollment method are:

Device Type
Device OS

The two major Android device types are:

Samsung devices

It is recommended to enroll Samsung devices using Knox mobile enrollment for Samsung devices. Knox Mobile Enrollment is a method provided by Samsung, for simplifying the enrollment and deployment of Android devices.

Advantages of Knox

Simplified Setup
Mandatory MDM management
Out of the box enrollment
Restrict MDM removal

You can choose to enroll Samsung devices using Knox mobile enrollment, irrespective of the OS version if they are Knox-capable. You can view the list of Knox-capable devices in these links(Link #1, Link #2 and Link #3). Additionally, you can also choose to enroll Samsung devices using EMM Token and NFC Enrollment for bulk enrollment and in case of user-based enrollment, you can prefer Self Enrollment or Enrollment by invite.

Non-Samsung devices

In case of Non-Samsung devices, you can enroll devices based on the type of management you want. You can choose between Container Management andComplete Device Management

Container Management

Ideal for personal devices, whereby a logical container is created for demarcating the corporate and the personal data. The container gets automatically created when the device is provisioned as Profile Owner, when enrolled via Enrollment via invite or Self Enrollment.

Advantages of Container Management

Isolate personal and corporate work space
Prevent unauthorized data access
Restrict corporate data sharing

Complete Device Management

Ideal for corporate devices, with the organizations getting to exercise full control over the device in addition to all the aforementioned benefits of containerization. This done when the device is enrolled as Device Owner.

Advantages of Complete Device Management

Silent app installation
Lock devices to specific apps/settings
Full support for policies/configurations. See the list of supported policies

To enroll a device for provisioning Complete Device Management,

If the device is running 6.0 or later versions, you can go for QR code enrollment
If the device is running 5.0 or above versions, you can go for NFC enrollment
In case you have devices running 5.0 or above versions without NFC, you can contact MDM support (mdm-support@manageengine.com) for complete device management.

Comparison between policies supported by devices

POLICY	SAMSUNG	NON-SAMSUNG
POLICY	SAMSUNG	Complete Device Management(Device Owner)	Container Management(Profile Owner)
Passcode	Supported	Supported	Supported only within the container
in Restrictions	Supported	Supported	Supported only within the container
Wi-Fi	Supported	Supported	Supported only within the container
E-mail	Supported	Not Supported	Not Supported
Exchange ActiveSync(EAS)	Supported	Supported. Learn how to setup EAS for Non-Samsung devices	Supported only within the container. Learn how to setup EAS for Non-Samsung devices
Kiosk/App Lock	Supported	Supported	Not Supported
Wallpaper	Supported	Supported	Not Supported
Global HTTP Proxy(GHP)	Supported	Supported	Not Supported
Certificate	Supported	Supported	Supported only within the container
Web Clips	Supported	Supported	Supported only within the container
Web Content Filter	Supported	Supported	Supported only within the container
Access Point Name(APN)	Supported	Not Supported	Not Supported