What is Android Enterprse?
Read on everything there is to know about the Android Enterprise program from Google.
Get fresh insights, pro tips, and thought starters–only the best of posts for you.
May 27, 2021
9 min read
Do you use a company-owned device for work? Chances are that you probably do, just like the majority of employees throughout the world. The distinction between work and personal devices is also blurring, as we use personal devices for work or company-owned devices for personal purposes. With company-owned devices, the IT manager has more power to manage, control, and secure them with a solution like Hexnode. Android is a winner as a device option with many industries for its flexibility, hardware options, and the staggering number of features it has. Android Enterprise is an excellent feature by Google for making the Android devices corporate-ready. For company-owned devices that are managed with Android Enterprise, the admin gets three management options to choose from:
Android’s Zero-Touch Enrollment (ZTE) allows the admin to deploy the company-owned devices in bulk instead of manually setting up each device. For Samsung Knox devices, Samsung Knox Mobile Enrollment (KME) is also a viable method. These enrollment methods allow the admin to pre-configure the management settings to manage the device as soon as the user turns the device on for the first time.
For devices enrolled as device owner in the Android Enterprise program, Hexnode allows the admin to install or uninstall apps or app groups silently without any user intervention. Silent app installation is a very popular feature amongst admins.
The admin can blacklist or whitelist required apps for devices enrolled with the Android Enterprise program. For fully managed devices, all apps are downloaded from Managed Google Play. The admin should whitelist the Managed Google Play for installing new apps or updating existing ones.
Before pushing the Android Enterprise apps to the devices, the admin can pre-configure the app configurations and permissions in a policy. The apps would then get installed with these pre-configured configurations and settings when the policy is applied.
Forgetting the device password lock is very common. And the first thing that the user does usually is to contact the IT admin of the organization. Hexnode allows the admin to clear the device password from the web console remotely, and the user can set a new password abiding by the password rules.
Enforce the whole device encryption at the time of enrollment for enhanced security. The storage encryption is turned on by default.
VPN lets the users access the company network remotely. Hexnode allows the admin to configure and deploy the VPN profiles that help in securing communication and app data over the private network.
A certificate is a popular security tool that contains data that can secure and authenticate the users to access corporate resources. Certificates can be used to secure network connections like VPN and WiFi, validate email communications and authenticate users to access data. Hexnode admins can remotely deploy certificates to the enrolled devices. The fully managed devices install these certificates silently. The admin can also remove all the user-installed credentials from the devices.
For Android Enterprise devices enrolled as device owner (fully managed), the IT manager can choose to install the OS updates automatically, install the updates during inactive hours or postpone the updates for up to thirty days.
Lost or stolen devices are a source of headaches for the company. Security risks are high, and it is important to take measures against them. Hexnode allows the admin to lock the lost device with a custom message for the finder. If the device is stolen, it would be better for the admin to wipe the entire device from the Hexnode web console.
This feature is the cornerstone of COPE devices. Hexnode devices enrolled with Android Enterprise as Profile Owner have a separate logical container that clearly containerizes the work apps and data from the user’s personal space. Admins have complete control over the work container, but little to no control over the personal space. The admins can remotely install/uninstall/update apps, blacklist/whitelist apps, deploy security policies, and more, but only for the work container.
The first step to device security is setting a strong password, and organizations cannot rely on the users to configure a strong one on their own. Hexnode allows the admins to configure the password rules for the work profile. The user would then need to configure a separate password according to the password rules for the work container.
What happens if the user leaves the organization with the COPE device? Or a device with sensitive corporate data gets lost or stolen? A viable solution is to remotely wipe the work container data and apps with Hexnode. The admin can also entirely remove the work profile from the misplaced device.
Dedicated devices, formerly known as Corporate Owned Single Use (COSU), are company-owned devices that are meant to serve a dedicated purpose, such as a mall kiosk or digital signage. These devices are fully managed by the organization. While there are different methods in the market for deploying dedicated devices, the easiest and most secure method is to use an enterprise mobility management solution that supports different kiosk modes like Hexnode.
Single App Mode
Hexnode’s single app mode allows the admin to lock the devices into a single app of their choice, converting the Android devices into a single-purpose device. The app can be a Managed Google Play app, enterprise or in-house app, or even a web app. The users would not be able to access any other application or device settings on the locked device. Single app mode is used in malls for information kiosks, restaurants for ordering, hospitals for patient monitoring, and more. Combined with rugged devices, single app mode is also useful for workers at construction or mining sites, where they can work without distractions.
Digital Signage Display
Android Enterprise is a boon to the enterprise world. The management options for the company-owned devices are numerous, and they are continuously evolving every year. To take full advantage of all the features, it is necessary to use a Unified Endpoint Management (UEM) solution like Hexnode. The UEM should have regular updates and be able to keep up with the always-changing times.