Leveraging the most out of Managed App Configurations: An Android Enterprise focal point

Jayden Traoré

Mar 12, 2020

6 min read

From the inception of Android OS, its market share in enterprise mobility has been very slim. Google adamant on improving this started working on enterprise management capabilities for Android. It didn’t take them long, with the launch of Android 5.0 (Lollipop), Google announced ‘Android for work’ or ‘Android Enterprise’ as it’s known now.

AppConfig Community – A mammoth role in device management

With Android Enterprise came managed app configurations. Before its introduction, developers and ISVs (Independent Software Vendor) had the difficult task of creating an app different way to support the long line of EMM vendors in the market. This hardship changed when a group of industry leaders came together and agreed on a set of native APIs which can be remotely set by the EMM server.

The community urged all major vendors to join in and now serves as the industry standard.

AppConfig Community has been responsible for some of the major developments in device management in recent years. The successful implementation of OEMConfig, which will be detailed below, is their most recent project. Just an example of how helping others can help you.

A set of competitors, rivals, working together for achieving the best results possible for the end users. This can be helpful for the community as a whole; all this translates to the end-user and ensures more bang for each buck.

Managed Configurations – What’s on the menu?

Managed Application Configuration has been used well over the years. It has developed into so much more than just remotely pushing application configurations. Proper knowledge and implementation can help you manage your enterprise much more efficiently. You may have already heard about or are leveraging features of managed app configuration in your enterprise, but it won’t hurt to read through.

Application Management:

As the IT administrator of your organization you will be required to pass on a long list of information to the employees. These may include login credentials for various websites and services, similar data to be passed like email id, phone numbers, etc. A core deputation indeed but it’s never easy sharing such data with more than a thousand or even over a hundred employees.

Wouldn’t it be easy if a load of such data can be passed to the apps to be used automatically from your MDM console? It would undoubtedly reduce your headache a lot. Here are some such use cases:

Passing Credentials and Data

The passing of credentials and important data to the apps directly as mentioned above is possible from the MDM console through managed application configuration. The data to be passed can also be passed on in the form of an XML file in Android devices. This is the basic use case for which the application configuration setup was introduced.

This is also very crucial for kiosk users. Using this method, you can send configurations and updates to apps locked down in kiosk mode without any user intervention or disruptions in the working.

Application Permissions

Choose what your application can access. Managed configurations can be used to configure an application to pre-define its behavior. The process of containerization of an application by restricting what it can access on the device is easily configurable via the managed app configuration.

Access management

Providing access to applications explicitly approved by an organization. Like Apple’s Volume Purchase Program, the bulk purchase of paid applications was made easy through managed Google Play. Application updates can be pushed silently to the user devices. It also helped in removing the requirement for user-managed google accounts.

App Tunnel

In some cases, an app may require access to service protected by a corporate firewall. This can be executed with a secure app tunnel. The Per-app VPN apps like Aruba via, F5 access, Juniper SSL etc. can be configured using managed application configuration to include the list of approved apps that will assist in app tunneling.

Single Sign-On

Similar principles like App tunnel management can also be used for the implementation of Single Sign-On. Several vendors have their own SSO app available which can be configured using managed application configuration. 68% of users reported having to switch between 10 or more different apps every hour. Imagine all the time that could be saved with a proper SSO service.

Device Management

As if all this wasn’t enough, enter OEMConfig the crazy idea of using the managed application configuration to manage more than just applications. Yes, you heard it right, you can now manage an entire device beyond what MDMs can natively offer.


A device management brilliance still undergoing its ‘fine tuning’ works under the hood. Announced by Android in 2018 by partnering with top OEM vendors like Samsung, this device management strategy really took off in Q4 of 2019 with it being called the device management system of the future.

Just like you can configure the application’s settings via the managed application setup in Android enterprise, device settings can be configured through the OEM vendor’s application hosted on Google play. Intrigued? A detailed read is available here.

What were the improvements to Managed Application Configuration announced at Android Enterprise Summit 2019?

A common report among users is the higher than acceptable rate of failure in pushing policies to applications via managed app configurations. But like everything Android, it’s being worked on and should see considerable improvements shortly. And as for the AE Summit 2019, the following were the key improvements announced for Managed app configuration.

App Feedback Channel

Talk about one-sided affairs. Managed app configurations in Android Enterprise couldn’t be more one-sided than it is now. You pass a configuration to the app and….and… you can cross your fingers and hope everything works out well. At least that’s how things go now.

App Feedback Channel is an upcoming feature in Android Enterprise Managed Configurations where admins can get the response for any state during managed configuration execution. This helps understand and rectify errors during execution.

Update Broadcast

Another major issue is the delay in the configurations getting pushed to the apps. Instead of waiting for the configurations to reflect, update broadcast will directly notify the applications that there is a new managed config to apply irrespective of the application’s state in a much more direct and reliable way.

Managed App Configurations has its flaws, we agree. But as long as Android is on it, we can expect it to get more refined. The developments and the potential Managed Configurations that have unlocked in the device management space is by no means a small feat. We can expect more surprises in the coming years with Android and Google.

Jayden Traoré

Product Evangelist @ Hexnode. Sometimes, I have the feeling I live in a story: a magnificent story written by a mediocre writer living off coffee and technology.

Share your thoughts