Deep Dive – Android Device Management with Android Enterprise

This guide explains all that there is to know about Android device management. It explains what Android Enterprise is, who needs to be using it and what potential Android Enterprise’s most important features possess.

Thanks to Android device management, Android devices serve a secure companion for everyday work.
Thanks to Android device management, Android devices serve as secure companions to everyday work.

Overview:

Introduction: The Power of Android at Work

Android, Google’s incredibly powerful mobile operating system, is secure, feature rich and supported by the world’s largest app distribution platform, offering access to over a million apps.

No wonder then, that businesses and organizations worldwide are using Android devices to increase productivity, whether for workers operating on the move, on the shop floor, in the warehouse or in the classroom.

However, using consumer-grade mobile devices for professional purposes can bring about its own challenges and risks.

Via a framework of management APIs, called Android Enterprise, and a mobile device management solution (MDM) that uses this to leverage Android’s built-in management features, it’s easier to turbo-charge productivity while keeping Android device management simple.

Why Is Android Device Management So Important?

There are several overarching aspects that make the Android Enterprise management features very important to businesses, organizations, or educational institutions.

First there are the security considerations: Satya Nadella claimed at Microsoft Ignite 2019 that there will be 50 billion devices connected to the internet by 2030 and that cybercrime costs amounted to 1 trillion dollars just last year.

Employees can sometimes be inadvertently responsible for these costs. For example, workers regularly bring mobile devices to work and open documents, emails or make business calls – regardless of whether it is actively encouraged or not. This alone poses a minimum of two risks.

  • Smartphones, like all other endpoints, are vulnerable to malicious attacks. Employees can download unsafe apps from untrusted app stores, unaware of what connections these apps have with outside servers and what information they are capable of extracting. If unencrypted Wi-Fi connections are used on the move, these devices can open the door for company data to be intercepted and accessed.

  • Business-sensitive data, login credentials and similar can accumulate on personally-owned devices. For some industries that handle sensitive data on regular basis, unmanaged smartphones can quickly infringe internal IT compliance and other legal requirements. Furthermore, most IT decision makers will already be familiar with international obligations imposed by GDPR and know that unprotected personal data can lead to heavy fines. Add this to the fact that devices are often lost or stolen, and a major risk develops.

A basic Android device management solution is capable of massively reducing these dangers. However, device management should not just be completely focused on security. It can also be leveraged to simplify the processes that bring together end users, mobile devices and company infrastructure into a cohesive and productive ecosystem. Let’s take a look at an example scenario:

  • Imagine that the decision has just been taken to roll out 250 mobile devices across the workforce so employees can work easily on the move. Custom apps need to be installed on each device. Each user needs to be able to access their emails too. Some devices require extra policies or connection settings. Consider the amount of resources required to manually implement these changes across a large scale, alongside the room for error without automation.

  • Now, expand this further into the phase where dozens of users are already using Android devices at work. A new situation arises which forces a change to be implemented on some or all devices: perhaps a new app should be made available for devices belonging to a specific department. Or some devices require an operating system update or need to be reset. How do you carry out the implementation?
    What if there was an efficient, remote way for the IT department to take care of this? A way which automates device setup, and makes it easy to apply new configurations, install new system updates and handle app distribution remotely, even for multiple devices?

The two crucial tools needed to minimize the security risks and administrative headache posed by non-managed Android devices are an MDM solution and Android Enterprise.

What Is Android Enterprise?

Essentially, Android Enterprise is a common framework of management APIs (application programming interfaces) from Google that MDM providers use to develop programs to communicate to and control the individual components in an Android device (like camera usage, changing a wallpaper or copying and pasting text).

It has seen a lot of changes since its first release in 2014, back when it was called Android for Work.

Now it offers a wealth of different features and capabilities that enable the secure and flexible management of Android devices in the enterprise.

Android Enterprise: The Main Security, Management and Productivity Features

1. Device Selection Made Easy with Android Enterprise Recommended (AER)

Google has made selecting optimal devices for enterprise uncomplicated, thanks to its online portal called Android Enterprise Recommended. Now decision makers looking for the right hardware can simply look for the Android Enterprise Recommended status. AER devices are great for professional use because they:

  • receive regular 90-day security updates.
  • support the current operating system release and are guaranteed to receive the next major upgrade too (example: an AER device that shipped with Android 9 Pie will also receive the Android 10 upgrade).
  • must meet recommended minimum device specifications for business use (e.g. drop test integrity for rugged devices) and support the latest MDM enrollment options (e.g. zero-touch).

2. Automated Enrollment with Android Zero-Touch

Once a device is selected, Android Enterprise needs to be enabled on the device. This process of “enrolling” Android devices is ideally done with Android zero-touch enrollment. Here are the key benefits at a glance:

  • Zero-touch enrollment is faster than manual enrollment, as more of the process can be automated and simplified. It is therefore great for large-scale deployments or corporately owned devices.
  • In a single transaction the reseller – from whom you purchase your devices – can create your accounts and enroll devices for zero-touch.
  • Zero-touch enrollment also acts as an added safeguard in the event of device theft, as users cannot remove the MDM-profile from the device, even after a hard reset. This is an important feature, particularly during the period of time between a device loss and the point where the MDM’s “Lost Mode” setting is activated on the device.

We went into more depth on how Android zero-touch enrollment works earlier in another post.

The Android Work Profile, and important Android Enterprise feature
The “Personal” and “Work” tabs allow users to quickly switch between both profiles

3. Work and Play Combined with Android’s Work Profile

The Android work profile is the innovative way to keep work data separated from personal data, giving businesses the security they need. Acting as a “container” on the mobile device, the Android work profile improves security and the end user experience:

  • It allows for two instances of the same app on mobile devices. Work apps are given a briefcase identifier (see image), so workers can easily separate work apps from personal apps.
  • Enterprise data cannot be transferred into the personal side of the device. This is an essential mechanism that prevents privately installed apps, like Whatsapp, from being able to access this data.
  • IT admins can effortless delete the work profile and its data if a device is no longer used by an employee or if the device becomes lost or stolen.

You can learn how to set up the Android work profile and why on Cortado blog.

4. App Management with Managed Google Play

The Google Play store contains vast numbers of apps that employees and businesses can take advantage of. However, as a consumer-orientated portal, it is not perfect for business use.

Managed Google Play is a version of Google Play that is designed to meet the security and deployment demands that are specific to business contexts. In enables businesses to:

  • Search for apps and push them over the air to users’ devices.
  • Ensure that only whitelisted apps are available for employees to download.
  • Convert web-URLs into web apps and deploy them just like other apps.
  • Organize apps into collections for different departments.
  • Upload and easily deploy private, company-developed apps.

All the features of managed Google Play, like browsing for apps, can be done within a compatible MDM program and are explained on our blog.

How to Manage Android Devices with MDM

An mobile device management solution (the term MDM is often used synonymously with EMM) is the piece of software where administrators can implement their Android device management needs.

Using the Android device management features described above, IT admins can deploy multiple Android devices to employees, furnish them with the necessary apps, and make sure that they are securely configured for business use.

Depending on whether the Android device is personally or corporately owned, and what its intended purpose is, different management strategies are common, each with their own advantages:

COBO, COPE, BYOD: Managing Personal Devices vs. Corporately Owned

Three common deployment strategies in Android device management: privately-owned BYOD, corporately owned devices with personal use enabled and dedicated kiosk devices.

Newcomers and IT admins already familiar with mobile device management can read this free best practice guide on Android device management with MDM, for an in-depth look at optimal configurations and setup procedures.

Android Device Management: The Key Takeaways

This guide to Android device management has attempted to show that managing a fleet of Android devices is neither complicated nor superfluous.

With an MDM solution and Android Enterprise, all aspects of Android device management – from enrollment, deployment and group configuration – is kept very simple. Thereafter, company decision makers can reap the benefits of the latest mobile solutions by improving remote working, taking advantage of innovative apps and by improving data security. Meanwhile the IT team responsible for their administration no longer needs to be burdened with time-consuming setups or configurations that require the device in the hand.  


Get Started with Mobile Device Management

Simply start your free, 14-day trial of Cortado MDM and register for Android Enterprise in the MDM console (as explained in our quick start guide).

Start your free trial now»


Comments are closed.