Android Enterprise Management Explained

This guide looks at the management of Android devices in the enterprise, classroom and more. It introduces the Android Enterprise management features and how to use them.

Thanks to Android device management, Android devices serve a secure companion for everyday work.
Thanks to Android device management, Android devices serve as secure companions to everyday work.


Introduction: The Power of Android at Work

Android, Google’s incredibly powerful mobile operating system, is secure and feature rich. It is also supported by the world’s largest app distribution platform, offering access to over a million apps.

Businesses and organizations worldwide are using Android devices to increase productivity, whether for their users working remotely, or on the shop floor, in the warehouse or in the classroom.

However, if you want to use consumer-grade mobile devices for professional purposes, you should be aware of the challenges and risks.

With Android Enterprise management features and a mobile device management solution (MDM), it’s easier to minimize security risks and still turbo-charge productivity.

What Is Android Enterprise?

Essentially, Android Enterprise is a framework of management APIs (application programming interfaces) from Google. Mobile Device Management providers use these to enable management of Android devices.

IT admins can deactivate individual components on a device if needed (like camera usage, changing a wallpaper or copying and pasting text), quickly set up multiple devices for workers (like pre-installing apps and setting up e-mail) and more.

It has seen a lot of changes since its first release in 2014, back when it was called Android for Work.

Now it offers a wealth of different features and capabilities that enable the secure and simplified management of Android devices in the enterprise.

What Are the Security Risks?

Cybercrime costs amounted to 1 trillion dollars in 2018. Employees and their mobile devices can sometimes be inadvertently responsible for these costs. For example, workers regularly bring mobile devices to work and open documents, emails or make business calls – regardless of whether it is actively encouraged or not. This alone poses a minimum of two risks.

  • Smartphones, like all other endpoints, are vulnerable to malicious attacks. Workers can download unsafe apps from untrusted app stores. Sometimes they are unaware of what connections their apps have with outside servers and what information they are capable of accessing on the device. If unencrypted Wi-Fi connections are used on the move, these devices can open the door for company data to be intercepted and accessed.

  • Sensitive data and login credentials quickly accumulate on work devices, meaning unmanaged smartphones infringe internal IT compliance guidelines and other legal requirements. Furthermore, international obligations imposed by the European General Data Protection Regulation can lead to heavy fines. Add this to the fact that devices are often lost or stolen, and a major risk develops.

Mobile Devices also Increase the Management Overhead

That being said, the Android Enterprise management isn’t just about increasing security. IT admins use Android Enterprise to quickly integrate multiple mobile devices with existing company infrastructure. Let’s take a look at an example scenario:

  • Imagine that the decision has just been taken to roll out 250 mobile devices to help workers work remotely. Custom apps need to be installed on each device. Each user needs to be able to access their emails too. Some devices require extra policies or connection settings. Consider the amount of resources required to manually implement these changes across a large scale, alongside the room for error without automation.

  • Now, expand this further into the phase where dozens of users are already using Android devices at work. A new situation arises which forces changes to be made on all devices: perhaps a new app is developed or some devices require an operating system update. How do you implement the changes?
    What if there was an efficient, remote way for the IT department to take care of this? A way which automates device setup, and makes it easy to apply new configurations, install new system updates and handle app distribution remotely, even for hundreds of devices?

The two crucial tools needed are an MDM solution and Android Enterprise.

Android Enterprise Management: The Main Features

The right mobility strategy starts with suitable devices. Google has made selecting optimal devices for the enterprise uncomplicated, thanks to Android Enterprise Recommended. Now decision makers looking for the right hardware can simply look for the Android Enterprise Recommended status. AER devices are great for professional use because they:

  • receive regular 90-day security updates.
  • support the current operating system release and are guaranteed to receive the next major upgrade too (example: an AER device that shipped with Android 10 will also receive the Android 11 upgrade).
  • must meet recommended minimum device specifications for business use (e.g. drop test integrity for rugged devices) and support the latest MDM enrollment options (e.g. zero-touch).

2. Automated Enrollment with Android Zero-Touch

Once a device is selected, the Android Enterprise management features need to be enabled on the device. This process of “enrolling” Android devices is ideally done with Android zero-touch enrollment. Here are the key benefits at a glance:

  • Zero-touch enrollment is faster than manual enrollment as the process can be automated and simplified. It is therefore great for large-scale deployments or corporately owned devices.
  • In a single transaction the reseller can create your accounts and enroll devices for zero-touch.
  • Zero-touch enrollment also acts as an added safeguard in the event of device theft, as users cannot remove the MDM-profile from the device, even after a hard reset. This is an important feature, particularly during the period of time between a device loss and the point where the MDM’s “Lost Mode” setting is activated on the device.

We went into more depth on how Android zero-touch enrollment works earlier in another post.

The Android Work Profile, and important Android Enterprise feature
The “Personal” and “Work” tabs allow users to quickly switch between both profiles

3. Work and Play Combined with Android’s Work Profile

The Android work profile is the innovative way to keep work data separated from personal data, giving businesses the security they need. Acting as a “container” on the mobile device, the Android work profile improves security and the end user experience:

  • It allows for two instances of the same app on mobile devices. Work apps are given a briefcase identifier (see image), so workers can easily separate work apps from personal apps.
  • Enterprise data cannot be transferred into the personal side of the device. This is an essential mechanism that prevents privately installed apps, like Whatsapp, from being able to access this data.
  • IT admins can effortless delete the work profile and its data if a device is no longer used by an employee or if the device becomes lost or stolen.

You can learn how to set up the Android work profile and why on Cortado blog.

4. App Management with Managed Google Play

The Google Play store contains vast numbers of apps that employees and businesses can take advantage of. However, as a consumer-orientated portal, it is not perfect for business use.

Managed Google Play is a version of Google Play which meets the security and deployment demands specific to business contexts. In enables businesses to:

  • Search for apps and push them over the air to users’ devices.
  • Ensure that only whitelisted apps are available for employees to download.
  • Convert web-URLs into web apps and deploy them just like other apps.
  • Organize apps into collections for different departments.
  • Upload and easily deploy private, company-developed apps.

All the features of managed Google Play, like browsing for apps, can be done within a compatible MDM program and are explained on our blog.

How to Manage Android Devices with MDM

You can implement your Android Enterprise management configurations with an mobile device management solution (the term MDM is often used synonymously with EMM).

Using the Android device management features described above, IT admins can deploy multiple Android devices to employees, furnish them with the necessary apps, and make sure that they are securely configured for business use.

Depending on whether the Android device is personally or corporately owned and what its intended purpose is, different management strategies are commonplace:

COBO, COPE, BYOD: Managing Personal Devices vs. Corporately Owned

Three common deployment strategies in Android device management: privately-owned BYOD, corporately owned devices with personal use enabled and dedicated kiosk devices.

Newcomers and IT admins already familiar with mobile device management can read this free best practice guide on Android device management with MDM, for an in-depth look at optimal configurations and setup procedures.

Android Device Management: The Key Takeaways

This guide to Android device management has attempted to show that managing a fleet of Android devices is neither complicated nor superfluous.

With an MDM solution and Android Enterprise, all aspects of Android device management – from enrollment, deployment and group configuration – is kept very simple. Thereafter, it is easy to improve remote working, data security and take advantage of innovative apps. Meanwhile the individuals responsible for configurations aren’t burdened with time-consuming setups which require each device in the hand.  

Woman with smartphone at office desk.

Android Enterprise Best Practices

  • Three carefully crafted sets of configurations and policies for you to use
  • Recommendations for managing and configuring business apps
  • Best practices for password policies in your organization