Noel Rivera
Jul 7, 2020
Android enterprise is an initiative by Google to enable the use of Android devices and apps in the workplace. Debuted back in 2014 with 5.0 Lollipop, the Android enterprise program aimed to provide new management capabilities to organizations that were willing to adopt the Android ecosystem in their workplace.
Over the years, we have seen the growth and maturity of Android as a platform, and Android enterprise has grown alongside it. With the help of Android enterprise, the admin is able to provide a lot of flexibility when it comes to workplace device management. There are basically four scenarios that the Android enterprise program supports.
Android Enterprise Program Scenarios.
Work Profile (BYOD) – A separate container or profile is formed within a personal device owned by the user.
Fully Managed Device – A device that is issued and fully controlled by the company.
Work Profile in a fully managed device (COPE) – Similar to a work-only device, but users can also do personal tasks on this device.
Dedicated Device – A corporate-issued device that fulfills a particular task, such as digital signage or ticket printing.
As of 2020, the latest version of Android is Android 10, and Android 11 is in Beta. Android 10 Enterprise already offers the bleeding edge in device management capabilities, and Android 11 aims to enhance these features. The changes introduced in these versions are more or less enhancements. Sweeping changes like those in previous versions shouldn’t be expected, because Android as a platform has matured. That being said, here are a few things you should know about Android Enterprise in the year 2020.
A work profile is an encrypted container within a device. This container’s purpose is to avoid the mingling of work data and personal data. This is applicable for both corporate-owned fully managed devices and personal devices. In Android 10, it was made possible to provision work profiles via Zero-Touch Enrollment and QR code. This meant that admins were able to deploy work profiles in corporate-owned devices.
At first glance, this looked like a happy marriage. It would bring out the best in both the solutions. But as it turns out, employees do care a lot about their personal data being private. In a survey conducted by ESG research, 71 percent of employees agreed that all their personal data on the device they use should remain private and out of the hands of the IT department. Even on company-owned devices, employees demanded privacy and this kind of resistance was not good in any way for the organization.
The functioning of a Work Profile in Android Enterprise Program
Keeping this in mind, Google has released a new, more privacy-centric enhancement to the work profile in Android 11. This enhancement works in tandem with the provisioning features introduced in Android 10. If the setup wizard uses the tools introduced in Android 10 to add a work profile, the device is recognized as company-owned and the device policy controller (DPC) is granted a wider range of asset management and device security policies. This ensures that employees get the same privacy benefits through a single work profile experience on both personally owned and corporate-owned devices.
Several UX changes have also been introduced to the work profile. The tab view of the menu which was introduced in Android P now extends to:
Tabbed View in Android 11 Enterprise’s Work Profile (Source)
The UX also makes it much clearer when the work profile is paused. The icon will turn grey and stay that way until the work profile passcode is entered.
Work Profile apps in Android 11 Enterprise (Source)
Another UX change is the addition of the “forgot password” button. This can be enabled by the DPC.
Other features, such as Managed Google Play (a Play Store that displays only apps pre-approved by the admin) and silent app installation, are all intact.
Other features introduced in Android 10 enterprise program that might be new to you include:
A fully managed device is a device that is locked down to the environment set up by the admin. This scenario is also called the device owner mode and can only be set up with a complete factory reset. As of Android 10, these are the ways you could deploy a fully managed device:
The following changes were introduced on fully managed devices in Android 10 Enterprise program:
Common Criteria is the international standard for defining security standards for IT products. With Android 11 enterprise, admins can now enable Common Criteria Mode on company-owned devices. This includes both fully managed devices and corporate-owned, work profile enabled devices.
Common Criteria Mode aims to address specific requirements laid down by Mobile Device Fundamentals Protection Profile (MDFPP) to protect IT products against security threats such as
And many more.
Common Criteria mode was previously available only on the Samsung Knox platform as a restriction.
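The following is an added example, not code from this article or from Google: a sketch of how a device policy controller (DPC) could tell apart the ownership modes described above and enable Common Criteria Mode only where Android 11 allows it. It uses the Android DevicePolicyManager API (API level 30); the class CommonCriteriaHelper, its enum and its method names are hypothetical.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.os.Build;

/** Hypothetical DPC helper (added example; names are assumptions). */
public final class CommonCriteriaHelper {

    /** Management modes as described in the article. */
    public enum Mode {
        FULLY_MANAGED, COMPANY_OWNED_WORK_PROFILE, PERSONAL_WORK_PROFILE, UNMANAGED
    }

    /** Determine how this DPC is installed on the device. */
    public static Mode detectMode(Context context) {
        DevicePolicyManager dpm = context.getSystemService(DevicePolicyManager.class);
        String pkg = context.getPackageName();
        if (dpm.isDeviceOwnerApp(pkg)) {
            return Mode.FULLY_MANAGED;
        }
        if (dpm.isProfileOwnerApp(pkg)) {
            // Android 11+: a work profile provisioned by the setup wizard
            // (zero-touch or QR code) is flagged as organization-owned.
            boolean companyOwned = Build.VERSION.SDK_INT >= Build.VERSION_CODES.R
                    && dpm.isOrganizationOwnedDeviceWithManagedProfile();
            return companyOwned ? Mode.COMPANY_OWNED_WORK_PROFILE
                                : Mode.PERSONAL_WORK_PROFILE;
        }
        return Mode.UNMANAGED;
    }

    /**
     * Enable Common Criteria Mode if the platform and ownership mode allow it.
     * Returns true only when the platform reports the mode as enabled.
     */
    public static boolean enableCommonCriteriaMode(Context context, ComponentName admin) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.R) {
            return false; // API not present before Android 11
        }
        Mode mode = detectMode(context);
        if (mode != Mode.FULLY_MANAGED && mode != Mode.COMPANY_OWNED_WORK_PROFILE) {
            // On a personally owned device the call would be rejected
            // with a SecurityException, so do not attempt it.
            return false;
        }
        DevicePolicyManager dpm = context.getSystemService(DevicePolicyManager.class);
        dpm.setCommonCriteriaModeEnabled(admin, true);
        return dpm.isCommonCriteriaModeEnabled(admin); // read back to confirm
    }
}
```

Reading the setting back after the call gives the management console a value it can report for compliance, rather than assuming the policy was applied.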
Both the Android 10 and Android 11 versions of the Enterprise program have aimed to enhance online security by beefing up the VPN configurations available to the admin.
The Android Enterprise program’s Zero-Touch Enrollment enables you to make large-scale roll-outs of corporate-owned devices, hands-free. This method is available for devices running Android 8.0+. The devices should also be purchased from authorized resellers.
The device arrives in the hand of your employees as a managed device, out of the box. Previously, the devices deployed through zero-touch were only fully managed devices. Since Android 10, admins can now provision work profiles in corporate-owned devices.
This widens the scope of zero-touch enrollment.