How to manage company owned devices?
Learn more on how to manage company-owned devices with Hexnode UEM.
Get fresh insights, pro tips, and thought starters–only the best of posts for you.
Jul 12, 2021
12 min read
If I say Android is the leading choice for smartphones in the market, you would probably think – No surprise there! In 2021, seventy three percent of all the smartphones used around the world run on Android. This is no small number! We can safely claim that today, Android is the most popular operating system in the world. When our world is changing into a mobile world, it stands to reason that Android devices are deployed in organizations and enterprises too. There are Android smartphones optimized for business use-cases and then there are personal devices that employees could use for work too (BYOD). The IT manager must manage all these devices, mobile and in transit, without compromising the data, device, user, network or application security. Android device management takes care of exactly that.
Who is this blog for? This blog is for all IT managers, admins, executives and everyone who need to manage Android devices or are simply interested to know the hows and whats of Android device management.
Before getting into how to manage your Android devices, you need to be familiar with some related terms:
Android Enterprise: Android Enterprise is an initiative by Google for enabling the use of Android apps and devices in businesses. This program enables UEM solutions to manage Android devices.
Android Enterprise Recommended: This is a list of devices that are recommended by Google. These devices satisfy enterprise-specific standards. The Android Enterprise Recommended devices go through rigorous testing against the requirements of Google.
Google Workspace: If you are an admin, you are probably more familiar with the term G Suite. G Suite and Google Workspace are one and the same. G Suite got rebranded to Google Workspace in October 2020. Google Workspace is a set of productivity tools and services that powers around six million businesses around the globe.
Company-owned devices: Just like the name suggests, these are devices that are owned by the organization.
Managed Google Play Account: Right from the mouth of Google, “Managed Google Play Account is a set of users, devices, and administrator accounts that are used to manage apps for your users.” The Managed Google Play allows the admin to provide the users with a custom app Store in their Android devices.
For Android, there are quite a lot of ways to enroll and deploy devices with Hexnode. This includes:
Majority of the managed devices are enrolled with Android Enterprise as a profile owner or device owner. The profile owner is for BYOD devices. As we discussed before, a work profile is created in this mode. The device owner mode gives complete administrative privileges to the organizations. Only devices that are owned by the organization should be enrolled using this method,
The zero-touch enrollment methods allow for out-of-the-box enrollment without any manual intervention. This is quite useful when you are just directly shipping the devices to your remote employees.
What is device management without app management right? A mobile device like Android runs on apps, and it is important that the admins get a say in what gets installed and what does not. Hexnode admins get more than a say, let’s see how.
That’s right, you can silently install or uninstall the applications on managed devices with zero user intervention. Of course, such an awesome feature would be subject to certain conditions. Silent app installation is only possible for devices that are enrolled in Android enterprise program. The in-house enterprise apps can be silently installed in Samsung Knox, LG Gate, Kyocera, rooted Android, devices with Hexnode system app and devices that are enrolled as device owner in Android enterprise. For all the other devices, the user would get a notification to install the specified applications.
Blacklist or whitelist applications to prevent user access to potentially dangerous or unwanted apps. Some apps simply need to be blocked because they serve no purpose except for distracting the employees from work.
Instead of deploying the apps yourself, you can deploy a customized Play Store for managed devices. This can be done by creating App Catalogs in your Hexnode web console and then deploying it to the target devices via policies.
While some apps aren’t needed, some apps are absolutely essential. Make such app mandatory with Hexnode. If these apps are not already installed in the device, Hexnode would attempt to install the apps in the device. For some reason, if the apps are not present on the device, then the device would be marked as non-compliant and the admin can take the appropriate action.
How great would it be if you just just pre-configure all the app permissions and configurations before it is installed in the device? Well, you can actually do that for Android devices with Hexnode. The permissions and configurations would be automatically present when the apps gets installed on the devices.
The whole purpose of managing devices is security. Okay, maybe not the whole purpose, but definitely a large part of it. So, how can you secure a managed Android device? It really depends on the security requirements of the organization. However, we have listed out a few ways that would be useful to secure managed Android in general.
The simplest and often the most effective method to secure your device is to configure a strong password. If the password is not strong enough, it is not very hard to crack it with the primitive brute force method. For example, if it is an eight-character password like “password”, it would not take even a millisecond. Now, a password that combines upper-case, lower-case, numbers and special characters would be strong enough to withstand the brute force attack. For instance, a password like “Blackbird@123” wouldn’t be that easy to crack.
So, what can you do as the IT admin?
Configure stringent password policies that forces the user to configure strong passwords in the device. This can be done in the Hexnode web console. Push these policies to all the managed devices and check password security off from your security checklist.
What about personal devices?
BYOD! Those are personal devices! Can you really force password policies to the personal devices? Even if you can, is it ethical?
As mentioned before, a BYOD Android device should be enrolled in the profile owner mode with Android Enterprise and Hexnode. In such a situation, the Hexnode admin is not managing the whole device, just the work container. The password policies can be configured specifically for the work container.
Certificates are a great way to secure and authenticate users to access the corporate resources like VPN, Wi-Fi and more. The IT admins can deploy identity certificate to the managed Android 5.0+ devices with Hexnode. The certificates would be silently installed in Samsung Knox devices and devices that are enrolled using Android Enterprise program.
While caring for the device and user security, it is important to take care of the network security too. With Hexnode, configure and deploy Wi-Fi networks so that the end user gets automatically connected to the network without needing to know the password. You can also configure VPN remotely for securing the flow of data in the network.
Just like app blacklisting and whitelisting, it is often necessary to filter websites too. Use the web content filtering feature to block user access to any potentially harmful websites.
Some updates need to be installed immediately while we may prefer to wait for some others. Schedule OS updates for Android with Hexnode. You can choose to update automatically, update in inactive hours or postpone the updates upto 30 days.
Kiosk mode is a special mode in which the Android device is locked down into applications as specified by the admin. The user has no access to any device settings or any other apps unless the admin allows it. The kiosk mode is useful for converting your normal Android device into a purpose-oriented device – for instance, information kiosks or a restaurant kiosk.
Hexnode allows its admins to lock down the managed Android devices into kiosk mode. They can lock the devices down into a single app, or a set of specified apps, or even videos and images. The devices locked into videos or images would work as a digital signage display.
Android device management includes content management. Hexnode admins can upload the files to the Hexnode file repository and deploy it to the managed Android devices on designated locations.
We are all familiar with the terms such as remote work, work from home and hybrid work thanks to the recent trends. When remote devices are a part of organization, remote management becomes important too. Everything we discussed so far can be done remotely. Hexnode has a few more remote management friendly features:
View what’s happening on the device end live in the Hexnode web console with the Remote View feature.
For Samsung Knox devices, the functionality doesn’t stop at Remote View. The admins can also remotely control the device while viewing the device screen from the Hexnode web console.
This feature allows the admin to launch an application in the managed Android device and define conditions of its exit. For example, the admin can specify the time for which the app should remain open. The admin can also give the users control to exit the application when they are done using it.
If the user can’t find the device and the device volume is turned off, use the Remote Ring feature to play a sound on the device.
Send custom broadcast messages to managed Android devices with wildcards like %devicename%, %name%, %email% and more.
The admins can set the incoming call ringtone of Android devices remotely.
If the users somehow end up forgetting the password, or if you have a locked device whose previous user no longer works at the company, clear the password of the locked device with this remote action.
If the device is lost or if the user left the organization, you may need to wipe the device. Remotely wipe the device with a single click from the Hexnode web console.
Wiping is not the only option for a lost device. Track device location with the location tracking feature. Combined with dynamic grouping and geofencing, you can even apply location-specific policies to the devices.
Monitoring and limited data or Wi-Fi usage ensures that the users are not wasting data. Reduce data costs by configuring device-specific or app-specific limits for data or Wi-Fi usage. The admin would get notified if the limits are exceeded. You can also restrict the user from using data or Wi-Fi once the user exceeds the limits.
Android device management is huge. The possibilities are endless. One thing we can say for certain is that Android for business and work is only going to grow. We did try to cover everything important related to Android device management in this blog, but the best way to get started is definitely by doing it.
Uncover the secrets of Android device management with Hexnode.30-Day Free Trial