2020 was the year of many firsts. With the entire global workforce being pushed into the new style of working, the use of mobile devices for work (and inevitably in the workplace, when the offices reopen) has seen exponential growth. With the increasing demand for mobility from all sectors and Industry 4.0, the world wasn’t entirely unprepared for this change. However, the massive scale at which organizations had to move their operations to remote work has led to several security concerns that are not entirely unfounded.
Legacy Management with DA
For Android devices used at work, the Device Admin (DA) API, made available by Google with Android 2.2, provided much-needed provisions to configure policies. DA is the legacy method of onboarding and configuring Android devices used at work. Later, when Android 9.0 was announced, it also brought the news that certain policies were being deprecated. The deprecated policies were:
- USES_POLICY_DISABLE_CAMERA: disabling the use of all device cameras
- USES_POLICY_DISABLE_KEYGUARD_FEATURES: disabling the use of keyguard features
- USES_POLICY_EXPIRE_PASSWORD: forcing the user to change the device password after an administrator-defined time limit.
- USES_POLICY_LIMIT_PASSWORD: limiting the passwords that the user can select
Although these policies were critical, this was done because of the limitations brought in by DA APIs that were not fulfilling the dynamic requirements of the enterprise environment.
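As an added example (not from the original article or from Scalefusion), the following Python script audits a legacy Device Admin policy file for the four deprecated policies listed above. It assumes the tag names used inside `<uses-policies>` in a device-admin metadata XML file; the sample file and the function name `audit_device_admin` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# <uses-policies> tags mapped to the DeviceAdminInfo constants that the
# article lists as deprecated.
DEPRECATED = {
    "disable-camera": "USES_POLICY_DISABLE_CAMERA",
    "disable-keyguard-features": "USES_POLICY_DISABLE_KEYGUARD_FEATURES",
    "expire-password": "USES_POLICY_EXPIRE_PASSWORD",
    "limit-password": "USES_POLICY_LIMIT_PASSWORD",
}

# Constructed sample of a legacy DA agent's policy declaration.
SAMPLE_XML = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <limit-password />
    <watch-login />
    <force-lock />
    <wipe-data />
    <expire-password />
    <disable-camera />
  </uses-policies>
</device-admin>
"""


def audit_device_admin(xml_text):
    """Split the declared policies into (deprecated constants, other tags)."""
    root = ET.fromstring(xml_text)
    if root.tag != "device-admin":
        raise ValueError("not a device-admin policy file")
    block = root.find("uses-policies")
    # A file without <uses-policies> declares no policies at all.
    declared = [] if block is None else [child.tag for child in block]
    deprecated = sorted(DEPRECATED[t] for t in declared if t in DEPRECATED)
    remaining = sorted(t for t in declared if t not in DEPRECATED)
    return deprecated, remaining


if __name__ == "__main__":
    deprecated, remaining = audit_device_admin(SAMPLE_XML)
    print("Deprecated policies to migrate:", ", ".join(deprecated) or "none")
    print("Other declared policies:", ", ".join(remaining) or "none")
```

Any policy reported as deprecated is one whose enforcement should be planned under Android Enterprise before the legacy agent is retired.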
While organizations can still continue using legacy management for their Android devices, they should be prepared for the limitations of the same. Also, with Android Q, managing devices with DA/legacy is going to be inefficient in the coming years.
Limitations of Legacy Management
With the DA or legacy method, the end-user has to install the MDM app on their device and give the MDM app the necessary permissions to act as the device admin; the policies are then installed on the device. This means that the end-user is in control of whether or not to enroll into management. Alternatively, the end-user can install multiple management apps on their device, creating a conflict over the ‘device owner’.
If the admins have to ensure that every device used in the enterprise environment is enrolled into the chosen MDM, they have to manually configure each. As we move towards more ‘contactless and remote’ everything, individually configuring the devices is not only cumbersome but can also put an excessive cognitive load on the IT teams managing a large device inventory.
Furthermore, having business apps installed on these devices requires user intervention. Imagine the lapses, errors and problems that could arise when end-users download an app for business purposes. A lot rides on the make and model of the device, downloading the right application and yet, the performance cannot be assumed to be consistent, leading to more support queries to the IT teams.
Clearly, legacy management is ‘legacy’ for a reason: it is not future-proof.
Enter Android Enterprise
Earlier known as Android for Work, Android Enterprise was introduced by Google to fill in the gaps created by legacy management. For devices running OS 5.0 and above, Android Enterprise presents a set of APIs that streamlines the process of managing the Android devices used for work. For devices with 6.0 and above, Android Enterprise is mandatory. This brings in a wide range of capabilities and configurations that are not available with legacy management and are critical for corporate device and data security as well as for lightening the IT load.
For Android devices used for work, Scalefusion offers the following two types of management modes:
Managed Corporate Owned Devices
This applies to the devices owned by the organizations and used for work. They can either be a device used by employees with restricted access or an unattended device like a kiosk or digital signage.
Managed BYO Devices
These are employee-owned devices, where a work container is configured and managed by the organization. While neither Android Enterprise nor Scalefusion has full control over the device, full control can be exercised over the work container.
With Scalefusion MDM software for Android, if organizations are using Android devices with 6.0 or lower, the legacy/DA method is encouraged only until enrollment. Once enrolled, the rest of the corporate device management settings stay the same.
Managing devices with DA is just not workable anymore, hence to migrate or not to migrate is not really the question. Here are the advantages of migrating to Android Enterprise from legacy management while using Scalefusion MDM.
Prime Benefits of Migrating to Android Enterprise
OOB (out of the box) experience
Scalefusion MDM is installed right when the device is unboxed. The end-user does not have to initiate the MDM app installation. For Android devices with OS version 8.0 and above, this is made possible by the Android Zero-touch enrollment method. Multiple devices can be configured and provisioned at once, over the air.
Silent app installation
On Android Enterprise devices, IT admins can push applications to the devices without any end-user intervention. These apps can be public (available in Play for Work) or private enterprise apps. The apps can be installed, configured, updated, cleared of data or uninstalled remotely at any time. App-wise restrictions can also be configured with ease.
Considering the security implications of unauthorized access to the devices, Scalefusion MDM provides for configuring strong password policies on devices managed under Android Enterprise. The complexity of the passwords can be predefined, along with a password expiry to periodically update the passwords across the entire device inventory.
Factory Reset Protection
For Android devices set up using the AE method, Scalefusion MDM prevents the misuse of corporate-owned devices with FRP. Factory Reset Protection cannot block the end-user from resetting the device. But when the device is reset, only certain, prespecified accounts can be used to get the device started again. Unless the end-user has access to these accounts, the device is rendered useless to them. This is a function used to curb the malicious use of corporate-owned devices.
Added security via VPN
When employees work remotely, they can connect to any unknown, public or shared networks, posing a threat to the security of corporate devices and data. To protect the corporate data from any such threats, routing the traffic to and from the devices via VPN is an ideal solution. With Scalefusion MDM, VPN can be enforced on Android Enterprise devices. The admin can push an approved VPN app silently to the devices and create VPN configurations such as per-app VPN, and all the traffic is tunneled via the VPN. For BYO devices, apps from the work container are routed through the VPN.
There are several such advantages of migrating to Android Enterprise from legacy management. Apart from the reduced complexity and increased control, there are tons of configurations essential for the changing workplace dynamics that are available only within the AE setup. Managing your workplace Android devices with Android Enterprise and Scalefusion can help you leverage the capabilities of Android and the wonders it can do for your business growth and workforce productivity.