The how and why of rugged device management
Dedicated devices are not just limited to consumer devices. Learn the ins and outs of rugged device management with this blog.
Get fresh insights, pro tips, and thought starters–only the best of posts for you.
Aug 5, 2021
13 min read
Dedicated devices play an important part in everyday life. They can be found everywhere – right from way finding kiosks in transit hubs to customer facing devices found in most healthcare centres and retail stores. These are fully managed devices used for a single purpose. Dedicated devices can either be employee facing, such as devices used for inventory management within the logistics industry or customer facing that would include self-check-in kiosks and digital signages.
Android enterprise first came about in 2014 with 5.0 Lollipop. It allowed admins to integrate commonly used device management APIs and EMM APIs. Device management went up to a whole new level with the introduction of Android Enterprise.
Work containers could be created on personal device of employees, corporate data could be secured and work data could be kept separate from the personal data of employees. Enrolling corporate bought devices as device owner enabled businesses to have full ownership over the managed devices.
In addition to mandating device encryption, applications can be configured and businesses could publish their very own applications within Managed Google Play. Hexnode’s integration with Android Enterprise makes it easier for admins to get complete control over their dedicated devices. The enrolment methods supported in fully managed devices include:
Setting up the right configurations and permissions can make the managed applications more secure. By enrolling the dedicated devices via Android Enterprise, the work app settings can be easily pre-configured and made more intuned with the end users.
Sometimes it’s best not to give an application more permission than what is required. For instance, not all applications that is installed needs to have access to the device location. Admins can take care of this problem by pushing a policy that restricts the app from accessing the device location. In addition to boosting up the security of the device, enrolling the devices in Android Enterprise also comes with the added convenience of silently installing application onto the devices without any user intervention.
Organizations may require the use of their own applications, these enterprise or in-house applications can be published in Managed Google Play store and managed within the UEM console.
OEM Config is a standard set by Google that allows OEMs and EMMs to build and support OEM specific features. The OEM first creates a schema which would consist of the OEM specific management features.
This schema is then embedded into an app and the app is published on Google Play. The organization would then approve and add the app within the UEM console. Settings can be configured by using managed app configurations. The app can be silently pushed onto the devices via Hexnode.
Once the OEM Config app is installed on the device, the configured settings can be used to manage the device. Whenever a new feature is added, OEM updates the app and Hexnode will automatically support the new feature. The benefits that OEM Config contributes to Android device management extent to:
A dedicated device will be locked to a single application or a set of applications used to fulfil a single purpose. The devices can either be locked in a single app kiosk mode or a multi app kiosk mode.
This means that the device will be locked down to a single application. The app would function with just minimal device functionalities enabled. Admins can decide on what needs to be enabled by configuring the peripheral settings of the devices.
Once the device enters kiosk mode, the application would launch by itself, run in the foreground and relaunch even after the device shuts down or is rebooted. The auto launch feature guides the user back to the kiosk home screen wherein they can exit the kiosk mode by entering the kiosk password.
Devices can be locked down to more than one application as well. When the devices are locked in a multi app kiosk mode, admins can use the kiosk launcher to choose which application to launch when the kiosk device is powered on or is idle.
One of the traits that define top performing businesses within their respective industries is their individuality. Customizing the kiosk devices to reflect your organization’s values is one of the best ways to build long lasting trust with customers.
Hexnode has a dedicated kiosk browser of its own where admins can configure its display settings. Prior to having the kiosk devices all set, it’s always best to have a preview of how the screen would look at the user end. The advanced view within Hexnode’s web console will give admins a clear idea on how the applications would be displayed at the kiosk home screen. Advanced view also enables the customization of the icon size and grid view.
Your business may have launched a brand new website or you may have released a new product that your customers have been waiting for quite a while. You can add these websites as web apps and lock the device down to function with those apps.
Though you can use other browsers to open the web applications, Hexnode’s own dedicated kiosk browser provides a more secure browser experience. Configurations can be done to make the website kiosk more aligned with your businesses’ unique brand customizations.
Digital signages play an important part in building brand awareness. Though paper-based advertising mediums are still used, they aren’t popular enough to catch the attention of prospective customers anymore.
Digital signages are pretty much present nearly everywhere with heavy foot traffic. Android devices can be easily turned to digital signages. Just push the files (these include images and videos) you wish deploy at the user end via Hexnode’s web console and customize the content that is to be displayed by defining its display settings.
Dedicated devices being a part of fully managed devices are managed completely by the organization. Having a UEM solution in place helps admins to push necessary configurations and settings onto the devices to make it more secure. The benefits of managing dedicated devices via UEM includes:
Without having a clear picture in mind, getting the device all equipped for users can be a challenge. This includes ensuring users have immediate access to the applications they need. The required applications can be installed and uninstalled silently from the devices, thus taking away dependency on users who may create downtime by trying to manage the applications on their own.
Enterprise applications on Android devices can be upgraded without exiting from kiosk mode. This saves admins the need to quit the kiosk mode in order to have the application upgraded. If you are thinking about deleting an application, deleting it will only remove the app from kiosk mode, it will not get removed from the device. By setting the right configurations and permissions admins can customize the apps to make it fit to end users’ requirements and define what apps can have access to.
No one likes a cluttered screen. An app catalog can come in handy when applications in devices deployed as multi app kiosks need to be properly categorized.
It’s always a good idea to keep track of the data consumption of the applications. Curbing unwanted network expenses can be extremely irksome if you don’t have some sort of measures in place. By setting up app wise usage restrictions on the application, admins can make sure that the data consumed by the application do not stray out of the confines set by the organization.
The peripheral settings of the device can be customized when they are locked down in a kiosk mode. This will help in preventing users from unnecessarily tampering with the device settings. Secure restrictions and policies can be pushed to make sure sensitive corporate data stays safe within the devices.
Admins can configure the Wi-Fi and other network settings to ensure that the kiosks always stay connected to a corporate approved network.
Factory reset protection is a security feature that is enabled by default on Android devices. This is useful especially in cases of lost or stolen devices, it prevents unauthorized people from wiping the data or reset the device to factory settings without permission. While this may be a good thing, there may be situations in which you might want to bypass factory reset protection. With Hexnode, you can bypass factory reset protection by entering your Google account credentials and disable factory reset protection by skipping the Google account verification step.
New OS updates always come with security fixes and updates. Upgrading the device to the latest OS version ensures that the devices stay secure against known vulnerabilities.
Safeguarding the security of lost or stolen devices is never an easy thing to do. With a UEM solution, this task can be taken care off more easily. The devices can be remotely locked and its data securely wiped from the console. Remote ring can be enabled to find the current location of the device.
By enabling lost mode on the lost or stolen Android devices, the device will be instantly locked and its data wiped off. A custom lock screen message can also be displayed with essential details so the device can be returned to its rightful owner.
There may be situation where the device may move from one location to another. Or employees may simply take the devices home to get more work done. Whatever the case maybe, you might want to track the location of the devices. You can scan the device location and remotely push a location tracking policy to get updates on the current location of the device. Location history of the device can also be viewed from the web console.
Remote view and control of Android devices makes it a lot easier for admins to immediately troubleshoot any issues users may face. Downtime can be a serious thing if it is not dealt with swiftly.
This feature can give admins the convenience to resolve any technical glitches that may come in the way and the get the devices up and running without much delay. Even if the devices are locked down as kiosks, messages can still be sent to the user end devices via Hexnode Messenger.
Both PDF and video files can be added as shortcuts. You don’t necessarily need to have an application installed to read or view the files, PDF files can be opened up using Hexnode Document Reader and video files viewed with Hexnode Media Player. Using any other application would require granting storage access permission on the device.
It’s good to have an efficient way in which the kiosk mode can be exited. It won’t to do to have the devices stuck and leave end users frustrated in not being able to exit the kiosk mode smoothly. Hexnode offers multiple approaches in which kiosk mode can be exited. Kiosk mode can be exited even when the application is open. Just tap on the left-hand corner of the screen for the specified number of times. A pop up would appear to enter the kiosk exit passcode.
When a device in kiosk mode is rebooted, there will be a delay for the application to launch, thus the kiosk home screen will be displayed for quite some time. Users can tap on the home screen consecutively until a pop up appears requesting users to enter the kiosk exit passcode.
Though the increased usage of dedicated devices across various industries is a good thing, it comes with its own risks. Maintaining adequate security on the devices and ensuring that confidential data remains safe can be challenging. UEM can help in effectively addressing those challenges.