Android Enterprise is a Google-led initiative to enable the use of Android devices and applications in a workspace. This program offers APIs and tools for developers to integrate support of Android devices into the EMM (enterprise mobility management) or UEM (Unified Endpoint Management) solutions.
The following are the key terms associated with Android Enterprise. This article will help you understand how to configure and deploy settings while managing devices in Android Enterprise.
- Android Device Administration API – This is the legacy mode of device management that was introduced in Android 2.2 to support enterprise applications by offering the Android Device Administration API and providing device administration features at the system level. This mode of device management is now deprecated by Google. Please refer to this announcement.
https://developers.google.com/android/work/device-admin-deprecation - Google Play EMM API – The Google Play EMM API supports the full app management lifecycle in Android Enterprise. This uses the features built into managed Google Play to create an intuitive app management experience for IT admins. The Google Play EMM API lets the administrator integrate tasks such as approving, installing, and deleting apps directly into your EMM console. The EMMs develop a device admin application that enforces remote/local device security policies. These policies could be hard-coded into the application, or the application could dynamically fetch policies from the server.
- Android Management API – This is the successor to the Google Play EMM API that first enabled Android Enterprise. Google allows IT administrators to manage the fleet of Android devices and their apps through the Android Management API. This mode of device management doesn’t require the device administrator to install a proprietary UEM Agent app e.g. SureMDM Agent on the device. Instead, the Android Device Policy app handles the policy controller and makes the policy deployment unified across UEM solutions.
- BYOD (Work profile for employee-owned devices) – The “Bring Your Own Devices (BYOD)” are personally owned but employ an Android work profile that separates work and personal apps to protect the business while preserving user privacy.
- Work Profile – This is also known as Profile Owner. This management mode will create a dedicated container on the devices for only corporate applications and content. This mode maintains the separation of work and corporate data and is preferred for employee-owned devices. The administrator can only manage the corporate applications and content on the devices but does not have access to the user’s personal data and apps.
- Dedicated Devices (formerly called corporate-owned single-use, or COSU) – This mode is a subset of fully managed devices that serve a specific purpose. This mode is preferred for corporate-owned devices. The devices in this mode are typically locked to a single app or set of apps.
- Work Managed – This is also known as Device Owner or Fully Managed Mode. This mode is preferred for corporate-owned devices. The device should be factory reset in order to set up this mode. This will convert the device into a kiosk allowing access to only approved corporate apps and data. This mode will not allow users to configure personal apps via the Google Play store.
- Personally enabled – Corporate or company-owned devices can be enabled for personal use with the same privacy and data protection as BYOD. It makes work and personal use seamless yet secure within a single device.
- Corporate Owned Personally Enabled – Corporate Owned Personally (COPE) is similar to Work Managed Device, but users will receive a Work Profile to access corporate applications and data. This mode of management is preferred for corporate-owned devices. In this mode of management, the users will have access to the personal Google Play Store outside of the Work Profile. This mode is supported from Android 8.0 onwards.
- Dedicated device – These devices are used for specific tasks, such as scanning bags or reporting maintenance tasks. IT can restrict apps on a corporate-owned device, preventing users from enabling unapproved apps or functions.
- Work only – These devices are focused for work only. These devices are fully managed with a broad range of device settings and additional policy controls.
- AOSP/Closed Network – The AOSP (Android Open Source Project) or Closed Network refers to Android devices without having Google Mobile Services (GMS) and EMM environments with no access to Google. In this mode of Management, no Google account is created.
- Managed Google Play iframe – The EMMs can embed managed Google Play directly into the console to offer unified mobility management for the customers. The IT Administrator can search and browse any applications, and publish and manage private apps, and website shortcuts for their enterprise from managed Google Play iframe. They can also configure how apps are organized in the Play Store app on their user’s devices.
- Zero-touch Enrollment – Zero-touch enrollment in Android Enterprise is a streamlined method of provisioning work-managed (Device Owner) Android devices in bulk. This is an out-of-the-box EMM enrollment that does not require the manual processes that are typically associated with Android provisioning. The administrators can pre-configure work-managed Android devices before shipping so that the devices are automatically enrolled into the EMMs console after a factory reset. The devices are purchased from a reseller partner who can transmit IMEI or serial numbers to the Android zero-touch portal and set up a zero-touch enrollment account for your organization. This mode of enrollment is supported on compatible devices running Android 8.0 and onwards.
- QR Code Enrollment – To enroll devices into device owner mode, the IT admin can generate a QR code and then on a new factory reset device, tap the screen 6 times in the same spot to prompt the user to scan a QR code. This mode of enrollment is supported from Android 7.0 onwards.
- NFC Bump – NFC Bump is a communication technology, which allows devices to exchange the enrollment configuration by placing them next to each other.
- NFC Enrollment – To enroll devices into device owner mode, IT admins can generate an NFC bump of all the enrollment configurations in a reference device and then place an NFC-enabled device next to it for instant enrollment and configuration. This mode of enrollment is supported from Android 6.0 onwards.
- EMM Token – This is the Unique ID that EMMs use to connect to the Managed Google Account. E.g. afw#suremdm
- DPC Enrollment/EMM Token Enrollment – If the Android Device Policy can’t be added via QR code or NFC, then the IT admin can enroll the device using the DPC identifier. E.g. afw#setup, afw#suremdm. The device should be factory reset in order to set up this mode.
- Android Enterprise Recommended – These are the devices that meet Google’s highest standards. Regular security updates are guaranteed and partners are trained to support all things Android.
- OEMConfig – Many device manufacturers or OEMs support custom, OEM-specific device management policies. OMConfig is the standard that EMM providers and OEMs follow in order to make these policies available to IT Admins. The OEMs or device manufacturers that support the OEMConfig publish their own OEMConfig app into Google Play. The OEMConfig app uses managed app configurations as a way to configure the OEM-specific policies on the device.
- PFW Apps – It is the acronym for Play For Work apps.
- Google Service Account – This is a special Google account that is used by applications to access Google APIs recommended for customers who use G Suite.
- Managed Google Domain – This is the domain that is claimed for enabling Android associated with your enterprise.
- Managed Google Account – This refers to the Google account registered to the device used for Android and provides Android app management through Google Play. This will be managed by the domain that manages your Android configuration.
- Managed Google Play Account – To use Android operating system in an enterprise, IT administrators need accounts to deploy and manage apps, and to provide a curated Google Play store for the organization. This will be helpful for organizations that want to set up Android but do not have G Suite Accounts or Managed Google Accounts.