Android Enterprise (previously known as Android for Work) was introduced in Android 5.0 as a bridge for making Android devices enterprise usage ready by integrating with mobile device management solutions. Employees having previously used Android devices personally had virtually no learning curve, as they’re working on OS they’ve previously had experience with. Android Enterprise device management provides mobile device management solutions with extensive set of features which improves both productivity and security in the enterprise.
Let’s look at the various features provided by Android Enterprise management across various stages of mobile device management:
Android Enterprise management provides you with various methods to enroll devices in bulk without any user intervention and minimal admin action. These enrollment methods help in quicker onboarding and faster deployment to the production environment.
This enrollment method is ideal the devices are corporate-owned, aiding in large scale deployment of devices in bulk while requiring minimal admin/user intervention. All that is needed is a one-time setup where you add details of the devices to be enrolled onto the zero touch portal which then gets enrolled out-of-the-box on device activation. You can also automate the process of adding devices by providing reseller details on the portal. This ensures any device purchased from the reseller gets automatically added to the portal providing a complete automated enrollment experience. Zero-touch enrollment is supported for specific devices purchased from specific resellers. Click to know more about Zero-touch enrollment
This enrollment method is ideal if the devices are in the hands of the users. This method also requires minimal admin intervention as the enrollment is carried out by the users. All that the admin needs to do is to share the EMM token and a QR code. The DPC token is provided by Google to uniquely identify the MDM solution while the QR code is used for identifying the server. This method can be used as an alternate for Zero-touch enrollment as unlike Zero-touch enrollment, EMM token enrollment can be used to enroll any device running Android 6.0 or later. Click to know more about EMM Token Enrollment.
Also, enrolling a device via EMM Token or Zero-touch provisions it as work-managed device (previously known as Device Owner) implying complete device management, whereby the entire device can be managed by the enterprise. This is ideal for corporate devices. MDM also supports multiple methods of provisioning devices as Device Owner.
In case of personal devices, you can enroll them via Invite or Self Enrollment, which provisions devices as managed work profile (previously known as Profile Owner). This was ideal for BYOD/personal devices. Work Profile separates the corporate data and the personal data on the device via containerization. A logical container is created which acts as the corporate workspace over which the enterprise has complete control (hence the name Profile Owner). While the enterprise has complete control over the corporate workspace, it has zero control over the personal space, thereby maintaining data privacy. The logical container essentially sandboxes the corporate data preventing unauthorized data access/sharing. There is the option of running an enterprise and personal version of the same app (with the enterprise version indicated by a red or blue briefcase) and no data sharing possible despite both versions of app co-existing in the same device.
In addition to quick and easy onboarding, one major benefit with setting up Android Enterprise device management is the extensive support for policies and additional restrictions in policies. There is support for additional policies such as Kiosk, Enterprise Factory Reset Protection, etc, with support for additional restrictions such as disabling microphone, camera, clipboard sharing etc, ensuring devices adhere to organization’s security and compliance standards. Similarly, you can also configure a dedicated passcode only for the container further bolstering security. Click here to know the list of all policies available for Android
Managing apps is one of the most common tasks for an IT admin - right from installation to update to deletion, the entire lifecycle of an app needs to be handled by the organization and Android Enterprise mobile device management lets you perform these tasks with ease.
In case of silent app installation/update/deletion, integrating Android Enterprise (formerly known as Play for Work) with MDM ensures you can install apps without requiring Play Store to be configured. Google automatically creates arbitrary Google accounts, to which the apps get associated while ensuring you need not create individual accounts for each user/device or even configure Play Store. Once distributed from MDM, the apps (enterprise/store) can be automatically installed without any user intervention. Similarly, the apps can be updated/deleted without requiring user intervention.
The advantage with Android Enterprise mobile device management is that it lets you build your own enterprise app catalog, containing only those apps approved by the enterprise and preventing users from installing other apps. Further, it also lets you customize the Play Store layout making it easier for employees.
In case of personal devices, provisioning them as Profile Owner creates two versions of the Play Store - one is configured with the arbitrary Google account with only enterprise approved apps while the other is the personal Play Store configured with the device user’s personal account. It is the enterprise version of the Play Store which exists within the container, thereby ensuring no unapproved apps can be installed within the container nor can there by any unauthorized data sharing between the two versions of the app or other apps.
With Android Enterprise device management, Google also devised solution sets for MDM solutions: