Android Enterprise Migration Guide
Why migrate to Android Enterprise?
Migrating to Android Enterprise (AE) is no longer optional; it is a necessity for securing modern device management. The legacy Device Administrator API has been deprecated by Google starting with Android 10.0, meaning critical security features no longer function on newer devices.
Impact of device admin deprecation (Android 10+)
If your organization relies on legacy management, the following features will fail on devices running Android 10 and above:
- Camera Restrictions: You cannot globally disable the device camera.
- Keyguard Features: You cannot disable specific keyguard features.
- Password Policies: Controls for minimum password length, quality, and expiry are disabled.
Migrating to Android Enterprise offers a refined, future-proof security framework that Google actively develops and supports.
Choosing your management mode
Before migrating, categorize your devices to select the correct enrollment mode. There is no direct automated upgrade; devices must be re-enrolled.
1. Device Owner Mode (Corporate-Owned)
- Target Audience: Fully corporate-owned devices.
- Access Level: Full administrative control over the entire device.
- Deployment: Must be set up during the initial out-of-box experience (factory reset required).
- Recommendation: Use this for all company assets to ensure maximum security and control.
2. Profile Owner Mode (BYOD)
- Target Audience: Employee-owned devices (Bring Your Own Device).
- Access Level: Creates a separate “Work Container” for corporate apps and data. Personal data remains private and untouched.
- Deployment: Can be set up on devices already in use.
- Recommendation: Use this to balance corporate security with user privacy.
Migration Strategy
- New Deployments: Enroll all new devices directly into Android Enterprise.
- Existing Inventory: Audit your devices. Prioritize migrating devices running Android 8.0+ to ensure they remain compliant and secure. Older devices can be phased out as they reach their end-of-life cycle (typically 1-2 years).
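The audit step above can be scripted against an inventory export. The following is an added example, not Hexnode code: the CSV column names, the sample rows and the decision labels are assumptions, and listing devices with unenforced policies first is this example's own ordering.

```python
import csv
import io

# Constructed sample export; the column names are assumptions, not a Hexnode format.
SAMPLE_INVENTORY = """device_id,android_version,ownership,management
D-001,13,corporate,device_admin
D-002,10,personal,device_admin
D-003,8.1,corporate,device_admin
D-004,7.0,corporate,device_admin
D-005,12,corporate,android_enterprise
D-006,9,unknown,device_admin
"""

# Controls the guide lists as failing under Device Admin on Android 10+.
UNENFORCED_ON_10_PLUS = ("camera restrictions", "keyguard features", "password policies")
MODE_BY_OWNERSHIP = {"corporate": "device_owner", "personal": "profile_owner"}


def triage(row):
    """Classify one inventory row into a migration decision."""
    try:
        major = int(row["android_version"].split(".")[0])
    except ValueError:
        return {"action": "review", "reason": "unparseable Android version"}
    if row["management"] == "android_enterprise":
        return {"action": "none"}
    if major < 8:
        return {"action": "phase_out"}
    mode = MODE_BY_OWNERSHIP.get(row["ownership"])
    if mode is None:
        # Never guess ownership: Device Owner enrollment requires a factory reset.
        return {"action": "review", "reason": "ownership not recorded"}
    gaps = UNENFORCED_ON_10_PLUS if major >= 10 else ()
    return {
        "action": "re_enroll",
        "target_mode": mode,
        "factory_reset_required": mode == "device_owner",
        "unenforced_policies": list(gaps),
    }


def build_plan(csv_text):
    """Map device_id -> decision; devices with policy gaps are listed first."""
    decisions = {r["device_id"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}
    return dict(sorted(decisions.items(),
                       key=lambda kv: not kv[1].get("unenforced_policies")))


if __name__ == "__main__":
    for device_id, decision in build_plan(SAMPLE_INVENTORY).items():
        print(device_id, decision)
```

Rows marked `review` need a manual ownership or version check before an enrollment mode is chosen.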
How to migrate via different enrollment methods?
Since migration requires re-enrollment, choose the method that best fits your scale and device type.
Zero Touch Enrollment (ZTE)
- Best For: Bulk deployment of corporate-owned devices.
- Process: Devices are pre-configured in the Google Zero Touch portal. Upon unboxing and connecting to Wi-Fi, they automatically enroll, and policies are applied.
- Benefit: Prevents unauthorized use and eliminates manual setup errors.
QR Code Enrollment
- Best For: Individual or small-scale deployments (Device Owner & Profile Owner).
- Process:
  - Device Owner: Tap the “Welcome” screen 6 times on a factory-reset device and scan the QR code.
  - Profile Owner: Scan the QR code from the Hexnode portal settings.
- Benefit: Simple, low-friction setup for on-site staff.
afw# Method (DPC Identifier)
- Best For: Devices where QR scanning is difficult or during initial setup of non-ZTE devices.
- Process: When prompted for a Google Account during setup, enter afw#hexnodemdm. Entering this identifier automatically downloads the Hexnode for Work app (DPC) and initiates the Device Owner setup.
Samsung Knox Mobile Enrollment (KME)
- Best For: Samsung corporate devices.
- Process: Configure the profile in the Knox portal. Even devices currently on Device Admin can be reset and re-enrolled via KME to gain Device Owner status.
- Benefit: Leverages Samsung’s hardware-backed security features.
Next Step
Ready to migrate? Log in to your Hexnode portal to configure your Android Enterprise settings and generate your enrollment credentials.