Prior to Android Enterprise the market was flooded with inconsistent management capabilities across various Android manufacturers and app developers. Android Enterprise now offers a set of consistent features and APIs for device management and app management. Additionaly it securely separates corporate and personal data, or enables a purely corporately-owned profile without a user space (so called Containerization). Once provisioned, an Android Enterprise-enabled device no longer needs a Google account in order to install applications. More features are coming to Relution in future to expand capabilities and enable more management types. Google has been steadily adding enterprise management capabilities to the Android operating system, but it's not always clear how the tools and technologies differ from one another or how IT can effectively administer Android devices and apps with them.
Google renamed Android for Work Android Enterprise and expanded the product to include more robust enterprise features. Android Enterprise is an umbrella term that covers the wide range of security and management features available in the latest Android O
Google introduced this API in Android 2.2 to provide developers with device administration features at the system level. Although many organizations continue to use this API, it is no longer robust enough to meet today's security and management requirements. For example, the API cannot securely reset device passwords on encrypted devices or establish administrator-defined passcodes to lock a user out of a device. Instead, developers should transition to newer Android technologies when interfacing with the Android operating system (OS). Google plans to start depreciating Device Administration policies in the next Android release.
Android provides several APIs for working with the Android and Google Play ecosystems. One of the most important is the Android Management API, which vendors can incorporate into their enterprise mobility management (EMM) platforms to provide customers with tools to provision, secure and help with Android enterprise device management. For strong Android enterprise device management, IT teams should look for EMM products that take full advantage of these APIs, such as Relution.
Google supports several options to provision Android devices, such as using QR codes or near-field communication provisioning apps. With the release of Android 8.0 Oreo, administrators can also configure company-owned devices for zero-touch enrollment, which enables a device to automatically enroll itself in EMM when the device is first turned on.
The managed version of Google Play combines basic app store functionality with management capabilities to provide IT with a corporate app store option. Administrators can deploy and approve apps, purchase app licenses, manage permissions and carry out other management tasks. End users can browse apps, view app details, install apps on their devices and take other actions, similar to how they might use the public Google Play Store.
When the Google Play API is incorporated into an EMM product, administrators can specify which apps users can download, can control app installations, can manage bulk licensing and can perform a variety of other tasks. The API works in conjunction with Managed Google Play to support the entire app management lifecycle.
The Android Management API includes a number of features specific to app management. An EMM platform that incorporates the API makes it possible for administrators to provision work profiles, apply app-level management policies, secure apps and data, automatically install apps, prevent apps from being uninstalled, distribute public and private apps, and perform other administrative tasks.
A device policy controller is an application installed on an Android device that enables administrators to manage access to corporate apps and data. The controller works in conjunction with EMM to provision work profiles on personal devices and enforce an organization's security policies.
Administrators can use work profiles to support BYOD scenarios. A work profile is a
self-contained, fully encrypted workspace installed on the user's smartphone or tablet. The
work profile limits administrative control to the workspace rather than to the entire
device. It also contains corporate apps, data and policy settings within the profile
separate from personal information and operations.
Work Profile - Source: https://developers.google.com/android/work/overview
Formerly known as corp-liable device
A device owned and fully managed by an employee's organization. Company-owned devices can be
set up exclusively for work use (fully managed), or to allow both work and personal use
(fully managed with a work profile). For more information, see Company-owned devices for
knowledge workers.
Formerly known as corporate-owned, single use (COSU)
A subset of company-owned devices that are locked down a limited set of apps to serve a
dedicated purpose, such as a check-in kiosk or digital signage. For more information, see
Company-owned devices for dedicated use.
We have documented the whole process in detail in the manual in your Relution (version 4.43
or newer) by pressing the ? button in the main menu and navigating to "Documentation" -
Chapter 2 - Android Enterprise. Here is a short version: First of all, you need an unmanaged
Google account which is not associated with an organization within Google. Then you navigate
to Settings - Android Enterprise in the Relution Portal as an Organization Administrator and
follow the described steps.
Android Enterprise Setup Step 1
Android Enterprise Setup Step 2
Android Enterprise Setup Step 3
Now you can create an enrollment
with the type "Android Enterprise", like you know it from Relution. As before, you will
receive a notification or you can see the link and QR code in the Relution Portal, which is
needed to enroll the device. After navigating through the enrollment process on the device
itself, you will see a couple of apps with a suitcase icon at the bottom of the app icon.
These are the work apps, which are separated from the user profile.
Android Enterprise is a great way to manage devices or the business data on Android devices. We, as the Relution team, started with the most desired use case, the work profile as the first supported scenario, but we are working hard to support all of the above mentions scenarios. Continuously we will add more policies and actions for these types of devices.