How Managed app configurations simplify Enterprise device management?
An overview of Managed configurations and their benefits for the enterprises
Our workspaces have never remained static; it has come a long way from the legacy Windows OS, accommodating many fewer known concepts, including the BYOD (Bring Your Own Device). With BYOD emerged the new trend of employees using their personal devices for work. Though it simplified the work of the employees, its challenges weren’t something that could be ignored. A need for effective work and personal app segregation and enterprise app management was what surfaced as an immediate consequence. For accommodating this trend, while ensuring security, Google began implementing APIs for extending its control over Android devices.
We then witnessed its rapid evolution from the Device Admin API to the Android for Work, launched initially as an optional solution that was then made a mandatory component for manufacturers. And it was this Android for work that was renamed to what we now know as the Android Enterprise.
Before we begin- A peek into some Enterprise terms
Android Enterprise has reduced the device management burden on the IT teams to a great extent. To dive deeper into Android Enterprise, it is important to familiarize yourself with some of its terms. Let’s have a look at some of these
Containerization
It refers to creating a separate work container within the device hosting the work apps and data. With this container in place, it is easier to manage the work data without affecting the personal files on the device.
Work profile
It is a separate space created in managed devices to host the work apps and data. Enterprises have full control over the data in this workspace. The personal apps and data, however, remain inaccessible to the IT team.
Profile owner
It is a device management aspect whereby the IT manages only the work profile, and the user has full control over all the other personal apps and data.
Device owner- Here, the organizations have full management control over the device. It is meant for corporate devices with a great emphasis on security.
Enterprise apps
These are organization-specific apps that are developed to meet the needs of their employees. The distribution of these apps is restricted to organizations and is not accessible through public platforms like Google Play.
How are Android devices used in an enterprise scenario?
Android Enterprise- The basic framework
An Android Enterprise solution comprises three major elements; the EMM console, Android device policy, and the Managed Google Play, which works in unison to manage the different endpoints.
Hexnode For Work
Android Enterprise provides organizations the flexibility to choose between Google’s Android device policy app with Android management API or the EMM’s custom Device Policy Controller (DPC) app along with Google Play EMM API. The Device Policy Controller app acts just like the Android device policy app, serving as a link with the EMM software for applying the required profiles and settings to the devices. Hexnode’s DPC- Hexnode For Work makes it easier to manage enterprise devices by making it possible to incorporate features beyond the well-defined ones laid out by Google’s Android Management API.
App management with Android Enterprise and Hexnode
Mobile devices have come a long way from their communication-only use case, evolving into an all-in-one tool capable of managing a business. And this wouldn’t be possible without the vast array of apps that we now have on our devices.
“The Google Play app revenue has grown from 15 billion in 2016 to 38.6 billion in 2020”
Now users can easily access and record enterprise data without any restrictions. Though this seems like an advantage, it can easily turn into a disadvantage without an effective device management mechanism in place capable of securing data, potentially turning these devices into weak data-exposing links. EMM solutions have developed a lot of features that make app management easier. Let’s take a look at how Hexnode makes this possible.
Enterprise app addition and distribution
Managed Google Play is the Android Enterprise’s store that allows you to select, purchase and manage your organizational apps. Hexnode allows you to easily approve and add Managed Google Play apps to the app inventory from the Managed Google Play and directly deploy them to the target devices.
How is this done?
- Navigate to Add Apps under the Apps tab and select Managed Google Apps
- Select the required work application and select Approve
- Further, please select the required approval options as to whether the app should be automatically approved or revoked when it requests new permissions
- Further, add an email address if you need notification for each permission request made by the app and then save
- The approved apps will then be added to your app inventory
As enterprise apps are specially designed for organizations, they can’t be distributed publicly through the Play store. Hence, EMMs have a pivotal role here. They distribute these apps to the required targets by initially adding them as APK files, Manifest URLs or as Managed Google Play apps into the Hexnode app inventory.
Through EMM console
APK file
These apps are uploaded as Android Package (APK) files to the Hexnode app inventory. These can then be distributed to the targets specifically or to all the devices in bulk.
Manifest URL
Enterprise apps can be added to the hexnode app inventory by adding the Manifest URL or the direct download link to the APK files
Private apps in Google play
Android Enterprise allows its users to distribute apps specific to their organization by publishing them privately in Managed Google Play. For apps to be added privately in the Managed Play Store, you need to have a developer account and get your app approved. You can learn more about developer account creation and app approval here.
These apps can be easily added to the Hexnode app inventory by selecting the required apps from the Private apps section in the Managed Google Play.
After adding these apps into the Hexnode app inventory they can be easily deployed to the target users. This can be done in multiple ways:
- From Actions under the Manage tab that allows you to install applications to a single device or a set of devices
- To a particular device by navigating to the Actions tab that is seen when the required device is selected
- By pushing a mandatory app policy with the required apps to the target devices
Silent app installation without user intervention
Silent App installation is yet another aspect that simplifies the app installation process. Organizations can easily install the required apps to the work devices without waiting for user consent. The devices enrolled in Android Enterprise as device owner supports the silent installation. For profile owner devices, the apps added as private apps can be pushed to the devices silently.
Updating Enterprise apps
Updating Enterprise apps has become a no-brainer with Hexnode in place. You can easily replace the old APK with a new file or modify the manifest URL for upgrading the previously added app version. The updated version will automatically get added to the device if the app was installed via a mandatory app policy. Otherwise, it will need to be initiated again through any of Hexnode’s methods. Updating the required app can also be carried out by adding the higher version of the app as a new app and pushing it to the devices directly.
Store layout for customizing the Managed Play Store
Sometimes aesthetics is often a forgotten aspect when we focus too much on the more technical aspects of management. Hexnode solves this issue too. It allows you to arrange apps in pages and create clusters within these pages depending on the various departments or the purposes that these apps serve, giving them a better sense of order.
Permissions and configurations for specific apps
Setting permissions and configurations for Enterprise apps before pushing the same to target devices can help restrict all those app aspects that are not required from an enterprise standpoint. It helps organizations have better control over the device apps. For a browser, while configurations include aspects like allowing images, JavaScript, cookies etc., on sites to allowing or blocking access to a list of URLs, permissions usually follow a yes-or-no approach, enabling or restricting aspects like location, reading contacts, recording audio etc.
Advanced restrictions for increased security
One of the prime areas of app management that can never be compromised is its security. Sometimes we unknowingly ignore certain app-specific features, which eventually create issues by emerging as sources of vulnerabilities. Hexnode’s advanced restrictions help you avoid these issues by sealing most of the sources of vulnerabilities.
Enforcing verify apps
With this option enabled, Google verifies the app content for the absence of harmful behavior before installation. This helps avoid instances of app-related security issues.
Install, uninstall and control apps
Disabling these options prevent users from controlling any app-related action like installation, uninstallation, clear app data, clear cache and related aspects. This curbs all instances of data loss or device tampering knowingly or unknowingly from the user end, thus securing enterprise data.
Install apps from unknown sources
App installation from unknown sources can act as a direct entry point for threats. It is usually recommended to disable the same for enterprise use cases as most applications can be deployed remotely through MDMs, and a need for such app installations rarely arises.
Work container deactivation on non-compliance for app and data protection
When devices fall out of the organization’s compliance requirements, measures can protect corporate apps and data. One such implementation is the work container deactivation. When the device becomes non-compliant, the work container deactivates, and all the apps in the container will remain hidden. The container gets reactivated again once the device regains its compliance.
Elevating device management with App configurations of OEM
A handful of devices is now running our enterprises. Android is becoming its major element due to its wide popularity. It is also a flexible platform undergoing many new implementations in device aspects as per the Enterprise needs. This is where EMM providers struggle with device management. With many OEM providers in place, implementing new features as per the different OEM requirements into device management solutions is not an easy process.
OEMConfig emerged as a solution to this problem. With this new Android standard called OEMConfig, device makers could easily make custom features universally supported by EMMs, putting an end to the time-consuming process of integrating different APIs from OEMs separately.
Original equipment manufacturers (OEMs) build their own OEMconfig applications containing their APIs for OEM-specific management and host these applications on the Google play store. As these applications are based on the Android Enterprise feature called managed configurations, it can be easily accessed by your Enterprise mobility management (EMM) provider to configure OEM-specific policies on devices and control various device aspects which are beyond the scope of their EMM solution. It allows you to easily customize the OEM-specific policies of any managed Android 5.0+ device, provided it has its OEMconfig application installed.
Well, it doesn’t end there; you can also Request Application Feedback on these managed applications and access them from the Hexnode console without any physical contact with the device. You can make use of this feature in supported apps on devices enrolled in Android Enterprise. With the help of this feedback log, you can easily identify the reasons for app failures and fix them at the earliest to ensure uninterrupted device use within the Enterprises.
Share your thoughts