7 Android Enterprise features you should use in your organization right now

Noel Rivera

Jul 21, 2020

7 min read

A while back Google renamed the Android for work platform to Android enterprise. They also took this up as an opportunity to expand the platform and incorporate more comprehensive features that were suited for an enterprise-level of device managementAs each Android OS update crept upGoogle gradually kept on adding tools and technologies which would be beneficial to both the users (employees) and the IT department.  

Now with this whole hoopla of features being added and enhanced it’s quite natural that some of it may go unnoticed or be underrated in a wayIn order to effectively utilize the capabilities of the Android enterprise platform, it would be better that all the stakeholders involved have a knowledge of these features 

With this article, we aim to provide you with an insight into some features that have been enhanced recently or some features that you might not have known or some features that are just plain awesome and you should totally employ in your organization. 

To start off, what is Android enterprise? Let’s take a look at it briefly.  

Android enterprise is an apex solution that covers management and security features available for a device running Android OS. Android enterprise can seamlessly integrate with many Enterprise Mobility Management (EMM) platforms and hence can support various device provisioning methods and BYOD deployments.  

Now let’s move on to the Android enterprise features: 

Zero-touch Enrollment 

This is one feature of Android Enterprise that has been getting a lot of attention and it deserves all the attention it has been getting. It is one of the most useful features an enterprise solution could have. For IT adminsit provides a method through which they can deploy devices in bulk with similar configurationsFor the employees, they get an out-the-box experience with a fully enrolled device, which means they don’t have to manually set up their devices.  

So, zero-touch enrollment is a method of deploying Android devices remotely with the help of the Android zero-touch portal. Google did make some enhancements to Android zero-touch enrollment in Android 10 OS update. Previously corporate-owned devices can only be deployed as fully managed devices through zero-touch enrollmentAs of Android 10, corporate-owned devices can now be provisioned with a work profile through zero-touch enrollment 

For IT admins this means that it is an easier way of consistently deploying work profiles across a multitude of devices. For employees, adding a work profile to corporate-owned devices means that they get similar privacy capabilities that is applied to work profiles in BYO devices.  

So, it’s a pretty neat feature that is available for devices running Android and is in the Enterprise program. 

Work Profiles 

Android work profiles are basically encrypted containers within Android devices to store work data. Their primary objective is to foresee that personal data and work data don’t mingleIt is a perfect solution for your organization If you’re planning you take the BYOD route. Each of the employees can have their own work profile within their personal devices. 

As of Android 10, work profiles have moved on from just being a solution for BYOD. As we said earlier, with the help of zero-touch enrollment work profiles can be deployed on corporate-owned devices. This solves the age-old gripe employees had with storing personal data in corporate-owned devices, privacy. By establishing work profiles in these devices, the employees can be assured of the fact that IT wouldn’t be snooping in on their personal data.  

Android Enterprise features - Work Profile.

Managed Google Play

Google Play ‘s managed version combines basic app store functionality with management capabilities to provide IT admins, with an option to establish an enterprise Play Store. Admins can deploy and approve apps, purchase app licenses, manage permissions, and perform other management tasksEmployees can download apps, view app stats, install apps on devices, and perform other actions like they could in the Google Play Store. 

Once the Google Play API is integrated with an EMM platformadmins can choose which apps employees can download, app installations can also be controlledApp licensing, an otherwise tedious taskcan be managed in bulkThe admin can also push managed Play Store layout for work apps only. Several other features like silent installation, which enables admins to install apps in employee’s devices without their intervention, is also present 


Google play store layout

Managed Play Store with custom layout sections. source 

Managed Configurations 

Previously known as app restrictions, managed configurations allow IT admins to remotely specify settings for apps. Admins can add specific configurations to organization approved apps in the work profile. That is all well and good but where this feature actually shines is when used in tandem with OEMConfig.

The OEMconfig program was released to standardize Android enterprise device management. The Android ecosystem was fragmented because OEMs would often change the nature of the operating system which created complications for EMM platforms. The way OEMconfig worked was simpleThe OEMs would create an OEMconfig file-based app and upload it on the Google play store. The app can then be pushed to devices made by the specific OEMs. 

With the help of manage configurations, admins can now push configurations to these OEM apps remotely. 

VPN security 

VPNs allow safe network access to devices that are not physically on a network. VPN lets employees browse the internet in a safe manner. When the device boots, Android can start a VPN service, and keep it running while the device is on. This functionality is called Always On VPN and is available in Android 7.0 or higher. It improves security and compliance for corporate-owned devices by allowing administrators to retain standard configurations and to ensure their devices have the best possible security posture. 

In Android 10 a VPN lockdown mode was introduced which enabled admins to block access of any apps that weren’t using a VPN.  

So Always-on VPN and VPN lockdown mode, both are excellent Android enterprise features to keep in mind. 

Android Things 

Through the Android things program, Android enterprise supports IoT device management.  

With recent Android OS updates, a wide range of devices, via the Android things program APIs, are supported. This is a bit more complex than it seems, the admin should essentially develop a version of Android, with the help of Android SDK and Android things APIs, that cater to these dedicated IoT devices. Since the underlying OS is essentially the same the EMM platform that is integrated with Android Enterprise can theoretically manage these dedicated devices. A separate Device Policy Controller (DPC) app might be needed for the communication between The EMM platform and the device. 

The real-life use cases are plentiful. In a typical organization, there would be tons of devices that can be an Android things device. These devices could range from kiosks, printersscanners, refrigerators, etc.   

System Update Deferring

System updates are necessary but often more than not lost a lot of bandwidth and a lot of data. Google came up with a solution for this in Android 10Admins can now install system updates via a system update file for fully managed devices. This feature helps admins to avoid duplicate downloads on bandwidth-limited networks. Installations can be staggered or it may be updated when the device is not being used. Another nifty use case of this particular feature is that the admin can test an update on a small number of devices before installing them widely so that he can understand if there are some bugs related to the update. 

Noel Rivera

Existential and Curious.

Share your thoughts