More

    Legacy Management (DA) To Android Enterprise: Advantages of Migration

    2020 was the year of many firsts. With the entire global workforce being pushed into the new style of working, the use of mobile devices for work (and inevitably in the workplace, when the offices reopen) has seen exponential growth. With the increasing demand for mobility from all sectors and Industry 4.0, the world wasn’t entirely unprepared for this change. However, the massive scale at which the organizations had to move their operations to remote work has led to several security concerns that are not entirely imprecise.

    Legacy Management to Android Enterprise
    Legacy Management to Android Enterprise

    Legacy Management with DA

    For Android devices used in work, Device Admin or the DA API made available by Google with Android 2.2 extended the much-needed provisions to configure policies. DA is the legacy method of onboarding and configuring the Android devices used at work. Later when Android 9.0 was announced, it was also brought in the news of certain policies being detracted. The policies that were deprecated were: 

    • USES_POLICY_DISABLE_CAMERA: disabling the use of all device cameras
    • USES_POLICY_DISABLE_KEYGUARD_FEATURES: disabling the use of keyguard features
    • USES_POLICY_EXPIRE_PASSWORD: forcing the user to change the device password after an administrator-defined time limit.
    • USES_POLICY_LIMIT_PASSWORD: limiting the passwords that the user can select

    Although these policies were critical, this was done because of the limitations brought in by DA APIs that were not fulfilling the dynamic requirements of the enterprise environment. 

    While organizations can still continue using legacy management for their Android devices, they should be prepared for the limitations of the same. Also, with Android Q, managing devices with DA/legacy is going to be inefficient in the coming years. 

    Limitations of Legacy Management

    With the DA or the legacy method, the end-user has to install the MDM app on their devices, give the necessary permissions to the MDM app to act as the device admin and the policies are then installed on the device. This means that the end-user is in control of whether or not to enroll into management. Alternatively, the end-user can install multiple management apps on their devices creating a conflict of the ‘device owner’. 

    If the admins have to ensure that every device used in the enterprise environment is enrolled into the chosen MDM, they have to manually configure each. As we move towards more ‘contactless and remote’ everything, individually configuring the devices is not only cumbersome but can also put an excessive cognitive load on the IT teams managing a large device inventory. 

    Furthermore, having business apps installed on these devices requires user intervention. Imagine the lapses, errors and problems that could arise when end-users download an app for business purposes. A lot rides on the make and model of the device, downloading the right application and yet, the performance cannot be assumed to be consistent, leading to more support queries to the IT teams. 

    Clearly, legacy management is ‘legacy’ for a reason, it is not future-proof.

    Android Enterprise
    Photo by Mika Baumeister on Unsplash

    Enter Android Enterprise

    Earlier known as Android for Work, Google put forth the Android Enterprise in order to fill in the gaps created by legacy management. For devices running OS 5.0 and above, Android Enterprise presents a set of APIs that streamlines the process of managing the Android devices used for work. For devices with 6.0 and above, Android Enterprise is mandatory. This brings in a wide range of capabilities and configurations that are not available with the legacy management and are critical for corporate device and data security as well as to lighten the IT load. 

    For Android devices used for work, Scalefusion offers the following two types of management modes:

    Managed Corporate Owned Devices

    This applies to the devices owned by the organizations and used for work. They can either be a device used by employees with restricted access or an unattended device like a kiosk or digital signage. 

    Managed BYO Devices

    These are employee-owned devices, where a work container is configured and managed by the organization. While the Android Enterprise or Scalefusion does not have full control over the device, full control can be exercised over the work container. 

    Read more: Overview of Android Device Management

    With Scalefusion MDM software for android, if the organizations were using Android devices with 6.0 or lower, the legacy/DA method is encouraged only till enrollment. Once enrolled, the rest of the corporate device management settings stay the same. 

    Managing devices with DA is not just workable anymore, hence to migrate or not to migrate is not really the question. Here are the advantages of migrating to the Android Enterprise from legacy management, while using Scalefusion MDM.

    Prime Benefits of Migrating to Android Enterprise

    OOB (out of the box) experience

    Scalefusion MDM is installed right when the device is unboxed. The end-user does not have to initialize the MDM app installation. For Android devices with OS version 8.0 and above, this is paved by the Android Zero-touch enrollment method. Multiple devices can be configured and provisioned at once, over the air.

    Silent app installation

    On Android Enterprise devices, IT admins can push applications on the devices without any end-user intervention. These apps can be public (available in Play for Work) or private enterprise apps. The apps can be installed, configured, updated, cleared for data or uninstalled remotely at any time. App-wise restrictions can also be configured with ease.

    Password policies

    Considering the security implications caused by unauthorized access on the devices, Scaleusion MDM provisions configuring strong password policies for devices managed under Android Enterprise. The complexity of the passwords can be predefined along with the password expiry to periodically update the passwords across the entire device inventory.

    Factory Reset Protection

    For Android devices set up using the AE method, Scalefusion MDM prevents the misuse of corporate-owned devices with FRP. Factory Reset Protection cannot block the end-user by resetting the device. But when the device is reset, only certain, prespecified accounts can be used to get the device started again. Unless the end-user has access to these accounts, the device renders useless for them. This is a function used to curb the malicious use of corporate-owned devices.

    Added security via VPN

    When employees work remotely, they can connect to any unknown, public or shared networks possessing a threat to the security of corporate devices and data. To protect the corporate data from any such threats, routing the traffic to and fro the devices via VPN is an ideal solution. With Scalefusion MDM, for Android Enterprise devices, VPN can be enforced. The admin can push an approved VPN app silently on the devices, creates VPN configurations such as per-app VPN and all the traffic is tunneled via the VPN. For BYO devices, apps from the work container are routed through the VPN.

    Closing lines…

    There are several such advantages of migrating to Android Enterprise from legacy management. Apart from the reduced complexity and increased control, there are tons of configurations that are essential for the changing workplace dynamics that are available only within the AE setup. Managing your workplace Android devices with Android Enterprise and Scalefusion can help you to leverage the capabilities of Android and the wonders it can do to your business growth and workforce productivity.

    Renuka Shahane
    Renuka Shahane
    Renuka Shahane is an avid reader who loves writing about technology. She is an engineering graduate with 10+ years of experience in content creation, content strategy and PR for web-based startups.

    Product Updates

    Scalefusion OneIdP Reimagined: Introducing Single Sign-On and Enhancements to OneIdP Suite

    Identity and Access Management (IAM) tools oversee and regulate user access to business systems and resources. They ensure that only authorized individuals access business...

    Introducing Staggered Deployment for Android

    We're excited to unveil a new feature to simplify app deployment: Staggered Deployment for Android Enterprise and Recommended Applications. This feature is designed to...

    Introducing Maker-Checker: Enhancing Decision Making on Scalefusion

    In a world where human and technological imperfections coexist, having an extra pair of eyes never hurts, especially when dealing with large device inventories....

    Introducing Scalefusion ProSurf: A Secure Browser for Windows Devices

    We're thrilled to introduce Scalefusion ProSurf for Windows—a browser that delivers secure and controlled browsing experiences on managed Windows devices. Scalefusion ProSurf empowers organizations...

    Introducing Apple ID-driven Enrollment: Modern BYOD for iOS Devices

    We are excited to announce the launch of Apple ID-driven user enrollment. Enterprises can now leverage full-blown BYOD for iOS devices by enabling a...

    RBAC Implementation for UEM Dashboards: What You Need To Know

    Think of this the next time you’re on a private airline flight. As a passenger, can you simply walk...

    What is an Acceptable Use Policy  (AUP), and Why is it Crucial for Your Business?

    Using mobile devices in business operations has become indispensable. Employees rely on smartphones, tablets, and other portable devices to...

    Must read

    Scalefusion OneIdP Reimagined: Introducing Single Sign-On and Enhancements to OneIdP Suite

    Identity and Access Management (IAM) tools oversee and regulate...

    Introducing Maker-Checker: Enhancing Decision Making on Scalefusion

    In a world where human and technological imperfections coexist,...
    spot_img

    More from the blog

    Mobile Device Lifecycle Management (MDLM): The Ultimate Guide to Device Control

    Device lifecycle management plays an important role in overseeing mobile devices from their initial phase to their final disposal. It ensures devices are well-maintained,...

    Elevating Electronic Logging Device (ELD) Management for Trucks and Drivers

    Effective management of electronic logging devices (ELDs) is critical for maintaining compliance and efficiency in the trucking industry. ELDs have transformed how fleet managers...

    RBAC Implementation for UEM Dashboards: What You Need To Know

    Think of this the next time you’re on a private airline flight. As a passenger, can you simply walk into the cockpit and take...

    What is an Acceptable Use Policy  (AUP), and Why is it Crucial for Your Business?

    Using mobile devices in business operations has become indispensable. Employees rely on smartphones, tablets, and other portable devices to stay connected, access critical information,...