How to apply policies to ensure maximum security on corporate Android devices? 

Description

For organizations providing Android devices to its employees as a part of their workforce, ensuring maximum security becomes imperative. MDM provides you with a list of restrictions and/or policies to ensure the managed devices are secured to the maximum, which ultimately also improves productivity to an extent.

Steps

  • On your MDM server, click on Device Mgmt from the top menu and select Profiles from the left menu.
  • Select Android from the dropdown, provide a name to identify the profile and click on Continue.
  • Click on Restrictions, from the list of available policies.

       Security by restricting/managing device features and functionalities

  • There is a dedicated security module containing restrictions which can disable device features/settings such as factory reset, installation of non-market apps etc., In addition to this, there are restrictions in other modules, which can fortify device security and are listed below.
  • Under Device Functionality, disable the option of manual OS upgrades. This ensures buggy OS updates do not affect the security or your productivity. You can then enable automating OS updates using MDM, which ensures the OS on the devices get updates based on your requirements.

       Security through user account management

  • You can also choose to disable adding of accounts, to prevent any further addition/modification of accounts on the managed devices. You can however still configure accounts on the managed devices using MDM policies. For example, if you want to add an E-mail account, you can do so by configuring E-mail policy. For installing apps, you can automate both addition of arbitrary Google account and installation of corporate apps.
  • Under Miscellaneous module, ensure you restrict the option of adding users, to prevent Guest users to be added to the devices.

       Security through data protection

  • It is recommended you enforce Storage Encryption and SD Card Encryption, to ensure data security.
  • Under Application module, ensure you restrict user uninstalling apps or installing apps not distributed via MDM.
  • Under Network and Roaming module, ensure you enable the option of devices connecting to only those Wi-Fi connections distributed by MDM.
  • Once done, save and publish the profile. You can then distribute it to devices and/or groups.

You can know more about configuring the other restrictions here. Further, you can ensure only managed devices can access Exchange, using Conditional Exchange Access. Once this is done, the devices to which the policies have been associated will have maximum possible security. In addition to this, you can also audit them using the Asset Management module, further manage the apps using the App Management module and securely distribute documents to the managed devices using the Content Management module.