Legacy Management (DA) To Android Enterprise: Advantages of Migration

    Share On

    2020 was the year of many firsts. With the entire global workforce being pushed into the new style of working, the use of mobile devices for work (and inevitably in the workplace, when the offices reopen) has seen exponential growth. With the increasing demand for mobility from all sectors and Industry 4.0, the world wasn’t entirely unprepared for this change. However, the massive scale at which the organizations had to move their operations to remote work has led to several security concerns that are not entirely imprecise.

    Legacy Management to Android Enterprise
    Legacy Management to Android Enterprise

    Legacy Management with DA

    For Android devices used in work, Device Admin or the DA API made available by Google with Android 2.2 extended the much-needed provisions to configure policies. DA is the legacy method of onboarding and configuring the Android devices used at work. Later when Android 9.0 was announced, it was also brought in the news of certain policies being detracted. The policies that were deprecated were: 

    • USES_POLICY_DISABLE_CAMERA: disabling the use of all device cameras
    • USES_POLICY_DISABLE_KEYGUARD_FEATURES: disabling the use of keyguard features
    • USES_POLICY_EXPIRE_PASSWORD: forcing the user to change the device password after an administrator-defined time limit.
    • USES_POLICY_LIMIT_PASSWORD: limiting the passwords that the user can select

    Although these policies were critical, this was done because of the limitations brought in by DA APIs that were not fulfilling the dynamic requirements of the enterprise environment. 

    While organizations can still continue using legacy management for their Android devices, they should be prepared for the limitations of the same. Also, with Android Q, managing devices with DA/legacy is going to be inefficient in the coming years. 

    Limitations of Legacy Management

    With the DA or the legacy method, the end-user has to install the MDM app on their devices, give the necessary permissions to the MDM app to act as the device admin and the policies are then installed on the device. This means that the end-user is in control of whether or not to enroll into management. Alternatively, the end-user can install multiple management apps on their devices creating a conflict of the ‘device owner’. 

    If the admins have to ensure that every device used in the enterprise environment is enrolled into the chosen MDM, they have to manually configure each. As we move towards more ‘contactless and remote’ everything, individually configuring the devices is not only cumbersome but can also put an excessive cognitive load on the IT teams managing a large device inventory. 

    Furthermore, having business apps installed on these devices requires user intervention. Imagine the lapses, errors and problems that could arise when end-users download an app for business purposes. A lot rides on the make and model of the device, downloading the right application and yet, the performance cannot be assumed to be consistent, leading to more support queries to the IT teams. 

    Clearly, legacy management is ‘legacy’ for a reason, it is not future-proof.

    Android Enterprise
    Photo by Mika Baumeister on Unsplash

    Enter Android Enterprise

    Earlier known as Android for Work, Google put forth the Android Enterprise in order to fill in the gaps created by legacy management. For devices running OS 5.0 and above, Android Enterprise presents a set of APIs that streamlines the process of managing the Android devices used for work. For devices with 6.0 and above, Android Enterprise is mandatory. This brings in a wide range of capabilities and configurations that are not available with the legacy management and are critical for corporate device and data security as well as to lighten the IT load. 

    For Android devices used for work, Scalefusion offers the following two types of management modes:

    Managed Corporate Owned Devices

    This applies to the devices owned by the organizations and used for work. They can either be a device used by employees with restricted access or an unattended device like a kiosk or digital signage. 

    Managed BYO Devices

    These are employee-owned devices, where a work container is configured and managed by the organization. While the Android Enterprise or Scalefusion does not have full control over the device, full control can be exercised over the work container. 

    Read more: Overview of Android Device Management

    With Scalefusion MDM software for android, if the organizations were using Android devices with 6.0 or lower, the legacy/DA method is encouraged only till enrollment. Once enrolled, the rest of the corporate device management settings stay the same. 

    Managing devices with DA is not just workable anymore, hence to migrate or not to migrate is not really the question. Here are the advantages of migrating to the Android Enterprise from legacy management, while using Scalefusion MDM.

    Prime Benefits of Migrating to Android Enterprise

    OOB (out of the box) experience

    Scalefusion MDM is installed right when the device is unboxed. The end-user does not have to initialize the MDM app installation. For Android devices with OS version 8.0 and above, this is paved by the Android Zero-touch enrollment method. Multiple devices can be configured and provisioned at once, over the air.

    Silent app installation

    On Android Enterprise devices, IT admins can push applications on the devices without any end-user intervention. These apps can be public (available in Play for Work) or private enterprise apps. The apps can be installed, configured, updated, cleared for data or uninstalled remotely at any time. App-wise restrictions can also be configured with ease.

    Password policies

    Considering the security implications caused by unauthorized access on the devices, Scaleusion MDM provisions configuring strong password policies for devices managed under Android Enterprise. The complexity of the passwords can be predefined along with the password expiry to periodically update the passwords across the entire device inventory.

    Factory Reset Protection

    For Android devices set up using the AE method, Scalefusion MDM prevents the misuse of corporate-owned devices with FRP. Factory Reset Protection cannot block the end-user by resetting the device. But when the device is reset, only certain, prespecified accounts can be used to get the device started again. Unless the end-user has access to these accounts, the device renders useless for them. This is a function used to curb the malicious use of corporate-owned devices.

    Added security via VPN

    When employees work remotely, they can connect to any unknown, public or shared networks possessing a threat to the security of corporate devices and data. To protect the corporate data from any such threats, routing the traffic to and fro the devices via VPN is an ideal solution. With Scalefusion MDM, for Android Enterprise devices, VPN can be enforced. The admin can push an approved VPN app silently on the devices, creates VPN configurations such as per-app VPN and all the traffic is tunneled via the VPN. For BYO devices, apps from the work container are routed through the VPN.

    Closing lines…

    There are several such advantages of migrating to Android Enterprise from legacy management. Apart from the reduced complexity and increased control, there are tons of configurations that are essential for the changing workplace dynamics that are available only within the AE setup. Managing your workplace Android devices with Android Enterprise and Scalefusion can help you to leverage the capabilities of Android and the wonders it can do to your business growth and workforce productivity.

    Renuka Shahane
    Renuka Shahane
    Renuka Shahane is an avid reader who loves writing about technology. She is an engineering graduate with 10+ years of experience in content creation, content strategy and PR for web-based startups.

    Latest Articles

    Introducing OneIdP: Transform Shared Device and Identity Management on Scalefusion

    We're thrilled to share a major leap in our journey of innovation – the introduction of our very first Identity Management Solution- OneIdP. This...

    How UEM Can Manage First Responder Devices 

    There have been lots of heart-pounding Hollywood hits that have showcased the tasks and lives of a section of our society. Ladder 49, anyone?...

    Understanding the Role of MDM in Education 4.0

    In ancient Greece, formal education was primarily reserved for males and excluded enslaved people. Early Mesopotamia restricted access to schooling to royal descendants, the...

    Latest From Author

    How to Ensure Privacy and Security in Business Macs

    In times when cyber attacks are rampant and creating significant financial and reputation losses, organizations need to follow the best cybersecurity practices to keep...

    Empowering ISO 27001:2022 Compliance with Mobile Device Management (MDM)

    The landscape of cybersecurity is in a constant state of flux, and with the introduction of ISO 27001:2022, the rules of engagement are evolving...

    Apple Device Management (Apple MDM): A Comprehensive Guide

    Apple's presence in the business arena is more than just a footnote; it's a game-changer. With a suite of products designed to empower, inspire,...

    More from the blog

    Understanding the Role of MDM in Education 4.0

    In ancient Greece, formal education was primarily reserved for males and excluded enslaved people. Early Mesopotamia restricted access to...

    How MDM Supports a Mobile-First Business Strategy

    It’s the planet of mobiles. Communication, learning, entertainment, or business; it’s all about mobile devices. Hence, it's no surprise...

    MDM Implementation Guide for Your Transit Company

    In an era where mobile devices are integral to daily business operations, ensuring the efficient management and security of...