Category Filter

Android Enterprise Migration Guide

This is only intended as a suggestive guide for migrating your devices still running on the legacy device administrator to Android Enterprise.
The guide will contain the benefits of migrating to Android Enterprise, our suggestions on how you can migrate your devices to a newer more secure form of Android management and the step by step instructions on how you can complete the migration process.

Why should I migrate my devices?

DEVICE ADMIN DEPRECATION

From Android 10.0 onwards, Google has announced device admin deprecation. This means that certain restrictions will not work on devices running Android 10.0+.

1) Disabling Camera
The policy to disable the use of all device cameras.

2) Disabling Keyguard features
The policy to disable the use of keyguard features.

3) Limiting Passwords
The policy to limit the passwords that the user can select, by setting the minimum length required and the password quality.

4) Password Expiry
The policy to force the user to change their password after an administrator-defined time limit.

If you are an organization that uses or intends to use any of the above policies, then it is necessary that you migrate to Android Enterprise.

SECURITY AND A REFINED UPGRADE

Ever since the introduction of Android Enterprise by Google, they have worked very hard on it. Over the years, they have improved and fine-tuned it to an experience they are so proud of. They are confidently telling their customers to upgrade to the best management experience possible.

The device security for Android is not what it used to be, with each update they improve greatly, and they only intend to improve on it. They want the best experience for their user, and as a user, it is important that you are up to date with the updates to be on the receiving end of these perks.

Which of my devices should I migrate?

ANY AND EVERY NEW DEPLOYMENT

It is a crucial part of the migration process to decide what you are going to do with your new devices being added to Hexnode MDM. We strongly recommend you enroll them into Android Enterprise. After all, why would you choose an older method that is being deprecated over a more secure and robust Enterprise experience?

The future of device management depends on Android Enterprise, and Android is adamant on making it the best device management option out there. So why say no when you can start being a part of the future now. Enroll all your new devices to Hexnode MDM via the Android Enterprise option and experience the future of device management brought to you by Google managed by Hexnode.

ANYTHING ABOVE ……

Now that you have setup a plan for all the new devices being added, you have to decide on what you are going to do with all your current devices. There is no automated method for direct migration from the legacy android management to Android Enterprise. The organization will have to disenroll and re-enroll each device into Android Enterprise which is by no means an easy way.
To reduce the difficulty of this step it is smart to create a list of all your devices and sort them based on their OS levels. Now decide a minimum OS level and migrate all devices above the OS level (e.g. Android 8.0 and above). You can do this at a gradual pace as per the organization’s needs and convenience like updating all android 9.0 devices first before moving onto android 8.0 devices.

EVERYTHING IN BETWEEN

Choose your management mode: Device owner mode of device management is ideal for fully corporate-owned devices. A device owner is assigned during the initial set up. Enroll devices with device owner privileges and earn full control over devices. On the other hand, you can choose the profile owner mode for all other device deployments (like BYOD) that you don’t want to bind into device owner mode at the expense of a few features.

It is important that you decide how you want to manage your devices i.e. in device owner mode or profile owner mode and it is time to decide now. If you represent an organization that provides the device to the user or if you feel good with the legacy android management setup that’s fine too. A choice must be made on the matter before moving forward for all the other cases.

Device Lifecycle: After a lot a deliberation you might have decided to stay with the current mode of management that’s fine, Hexnode will be here to manage those devices till such devices cease to exist. In such cases it is best to continue with the current mode till your device is eventually replaced by newer models. The average life of a corporate device (android) is around 1-2 years, till the next device cycle you have nothing to worry about. Hexnode got you covered.

BYOD troubles: BYOD users will have the habit of updating their devices to the latest OS version and as an organization there isn’t much you can say about it. Afterall it’s the user’s personal device, it’s hard to justify restricting their control over the personal side of the device. This is a use case that requires attention, if your organization is reliant on BYO devices then it is important that you start migrating now!!

Application Support: Though this is not a major issue it still an issue for some organizations. With a newer android version, the application support for a lot of apps for lower OS versions will be removed. In the not so distant future, a lot of devices will need the OS update to support any necessary apps, new apps targeting the OS level and any enterprise apps that are updated to work better on higher versions. If such a case occurs, and it will in time, an update is inevitable and hence the migration.

How do I migrate my devices?

HEXNODE FOR WORK APP

This method involves downloading the Hexnode For Work DPC (Device Policy Controller) app from the Google play store and setting it up.

The following are a few methods for enrollment of the device into a full managed mode, these are used during initial device setup and for devices currently in use will require a full device reset for enrollment.

ZERO TOUCH ENROLLMENT (ZTE)

When you have a whole lot of corporate-owned devices to be enrolled in bulk, Zero Touch Enrollment (ZTE) is the best way to go. Android ZTE is a one-time process for the easy deployment of corporate-owned devices in bulk without the need of manually configuring each of them.
It is an out-of-box enrollment method where the devices will be enrolled with MDM once it is powered on and connected to the network. This reduces the risks caused by the users due to incorrect entry of information or configuring wrong settings. It also prevents unauthorized devices from joining your MDM environment thus enhancing your security.
We recommend this method for bulk device enrollment.
A step by step guide on how to complete the enrollment.

QR CODE

You can enroll devices in Android Enterprise using QR code in both device owner and profile owner mode. We recommend this method for individual / small scale device enrollment.
A step by step guide on how to complete the enrollment.
As a bonus your organization can leave around a couple prints of the QR available from the Hexnode portal making it easier for the employees to enroll their devices easily and at their convenience.

AFW# METHOD

A device owner can be assigned only during the initial setup of the device. Making Hexnode MDM a device owner can grant additional permissions for Hexnode MDM. It is recommended to be a device owner only if the device is owned by the Organization.
If it is a personal device, it’s better you stick with the profile owner setup since you are restricted from accessing the apps other than those allowed by your Organization. We recommend this method for individual / small scale device enrollment.
A step by step guide on how to complete the enrollment.

KNOX ENROLLMENT

What if you are on the device admin mode of management from a Knox supported device? Well, in such a case, you can choose to reset the device and enroll it directly to the Hexnode portal via any of the steps mentioned above.
A device owner enrollment setup is available in the Knox portal. Knox enrollment is crucial if you want to utilize the benefits and additional management capabilities provided through the Knox portal for Knox enabled Samsung devices.
A step by step guide on how to complete the enrollment.

42 or Hexnode?

Well 42 might be the “Answer to the Ultimate Question of Life, the Universe, and Everything” but the gears have got this wrong not even the best deepthought supercomputers not even in 7.5M years will argue that Hexnode is the only answer to any and every question of device management there is.