Understand the tools for managing Android devices in the enterprise
Over the past year, Google has released new capabilities and features to manage Android enterprise devices. IT should be aware of these recent updates for Android device management.
When it comes to managing Android devices in the enterprise, IT has a lot to keep track of -- so let's explore the newest updates that will ease the process.
There are a lot of factors to consider when it comes to Android management, from different device APIs and deployment scenarios to application management and security update rollouts. And with the release of Android P, the options for managing Android devices in the enterprise are growing.
Manage profiles and general updates with Android P
Google added features in Android's latest OS, Android P, to improve its use in the enterprise. Its rebooted navigation system makes it easier for users to work on their devices. For example, Google's Android P Slices enables users to access recently used features quickly.
Android P's major advancement for IT pros is the work profile user interface, which separates work and personal apps. It enables users to switch between different accounts on an app to keep work and personal use separate.
For example, a user can open an email app and switch from a personal email account to a work profile. If workers share devices, Android P can support multiple users and administrators can limit how each account can use the dedicated device.
IT will have a new tool for managing Android devices in the enterprise with Management API, which is currently available in beta. Enterprise mobility management (EMM) vendors will likely continue to use their own APIs, but this new API could replace EMM in the future for smaller companies.
Android P also restricts access to unofficial APIs.
Zero-touch provisioning program and management options
Android expanded its enrollment capabilities, which are similar to Apple's Device Enrollment Program (DEP), in September 2017 using zero-touch provisioning. The Android device enrollment program is available for phones purchased through Verizon Wireless, AT&T and other carriers, as well as from OEM partners including LG Electronics, HTC, Motorola and more.
Zero-touch provisioning simplifies the traditional process and makes it easier to manage devices at scale. IT can select preconfigured settings and EMM software for Android devices during purchase. IT assigns a user ID to each device, and when the user signs in for the first time, they use their user ID to access the preconfigured settings and EMM enrollment features.
The enrollment program is still less than a year old, but it has faced issues with potential fragmentation. The program offers support for a variety of devices, but they don't all support the same OS versions, which could cause fragmentation issues. Meanwhile, Apple's DEP has support on all iOS devices, and IT can add devices purchased outside of the program.
Updates to Android device security
In February 2018, Google released Android Enterprise Recommended, a program for continuously managing Android devices in the enterprise. Under this program, all devices will receive security updates within 90 days of their release for at least three years after purchase, and the devices need to meet minimum hardware specifications, including running on Android 7.0 Nougat or higher. Google will remove devices from the program if they don't meet the requirements.
Google is aiming to create consistency across each OEM after some devices stopped getting updates within 18 months of their release. At its launch, the program recommended devices from six OEMs, including the BlackBerry KeyOne and Motion, Google Pixel, Pixel XL, Pixel 2 and Pixel 2 XL.
New security features that focus on identification and authentication became available with the release of Android P. Google's Android Protected Confirmation gives the OS API the capability to ensure that a transaction, such as a money transfer or connection to a medical device, occurs in a Trusted Execution Environment (TEE), which is a separate microprocessor. The TEE protects data from malware, even on an infected device.
Android P provides stronger protection and tamper resistance to create better security keys for multifactor authentication on Android devices. Android P also added a lockdown mode, which prevents biometric login features and notifications from appearing on the lock screen.
To further protect users from spying and data loss, only apps currently being used in the foreground can access the microphone, camera and other sensors regardless of the API.