Features and Policies
Android Enterprise introduces features across different modules such as Enrollment, Profile Management etc., to ensure Android devices are modified to suit the needs of an organization.
The Android Enterprise-based features and configurations available in each of the modules are explained below:
Using Android Enterprise you can provision a device as either Profile Owner, which is ideal for Personal devices or as Device Owner, which is ideal for Corporate devices.
When a device owned by the corporate, the device is provisioned as Device Owner, as it implies the organization "owns the device" and exercises full control over the device. Device Owner provides additional features such as Restricting Factory Reset, Restricting SD Card mounting etc.,
When a device is a personal device, the device provisioned as Profile Owner, it implies the organization "own only the profile" while the employee owns the device. Provisioning a device as Profile Owner ensures a containerized Workspace profile which is demarcated from the personal profile. While the organization has full control over the Workspace profile, it has zero control over the user's personal profile. The advantages of using Profile Owner is there is no creation of a physical container in the device. Instead there is a logical container created and this container uses the Native UI already present in the device, which enables ease of use.
Android Enterprise provides multiple profile restrictions for Core Android devices irrespective of whether the device is provisioned as Profile Owner or Device Owner. However, provisioning a device as Device Owner provides additional features such as Restricting Factory reset, Restricting SD Card mounting etc., when compared to Profile Owner.
Some of the restrictions when a device is provisioned as Profile Owner includes:
- Configuring Exchange ActiveSync
- Preventing sharing of data from workspace profile to personal profile.
- Restricting installation/uninstallation of apps.
Provisioning a device as Device Owner provides all the restrictions available for Profile Owner as well as additional restrictions such as,
- Restrict Calling/Messaging.
- Restricting Factory Reset.
- Restricting SD Card mounting.
Refer this to know the complete list of restrictions available, when a device is provisioned as Profile Owner/Device Owner.
Android Enterprise redefines App Management with several additional configurations and features. From customizing Play Store to installing Play Store apps without user intervention, App Management helps in extensively catering to the needs of an organization.
Following are the Android Enterprise-based features under App Management:
Install Play Store apps silently without user intervention as explained here
You can now install Play Store apps without any user intervention, which implies you can install both Enterprise apps as well as Play Store apps without any user intervention using MDM. This is especially useful when installing apps in bulk to devices(both Personal and Corporate) as the installation starts as soon as the app is pushed to device and requires no further action from the user.
Note: Google has deprecated the workflow for managing paid apps through Managed Google Play. Therefore MDM doesn't support adding paid apps as Managed Google Play apps. Refer to this for details on paid app and in-app purchases.
App configurations and permissions
MDM supports modifying the permissions and configurations of specific apps. App permissions can be modified to ensure access to the permissions (access to Local Storage, Contacts etc.,) can be restricted. This is to avoid unauthorized access to the confidential data present in apps.
Apps can also be pre-configured before distribution to devices to ensure users need not configure the app every single time the app is distributed. This is especially useful as the changes done once ensures saving of time as the app needn't be configured every single time by the user.
Refer this to know how to modify app configurations and permissions.
Customize Play Store
MDM lets you completely customize Play Store according to the needs of the organization. From modifying the layout of the Play Store to restricting the apps to be displayed in the Play Store, the Play Store can be completely transformed resulting in Organization-specific Play Store.
Further, the Play Store can be customized for every user, such that only those apps distributed to the particular user are available in the Play Store.
The advantage of customizing Play Store is that it ensures only Organization-authorized apps can be installed in the devices.
Refer this to know how to customize Play Store.