Empowering Efficiency: Android Enterprise Management Solutions

Google’s Troubled Past with Android in the Enterprise 

Prior to 2011, all Android devices made were consumer phones or tablets. This all changed when the rugged hardware manufacturers began introducing rugged Android enterprise devices in addition to the (then standard) Windows devices. Symbol led the way with their MC40 which gained adoption at a number of large customers, such as Walmart. 

One of the big downsides for early adopters of Android devices is they lacked the management and administration tools to configure them for enterprise use cases. Multiple EMM companies attempted to resolve the issues with features and add-ons, but it has remained a problem in multiple ways and shapes until recently…with the introduction of Android Enterprise. 

How Android Enterprise is Going to Make Things Better

Google has long been associated with broad fragmentation due to numerous device manufacturers, form-factors and customized versions of the OS for each device. While this is a positive, especially in the consumer market, the range of options available (“be together, not the same”) presents a headache for integrators and developers who aim to deliver consistency across multiple devices.

Many unique Android avatars in a crowded truck

 
Introduction of Managed Configurations
Over the last few years, Google has been adding features into the Android platform that help alleviate some of the difficulties in managing the breadth of options. They have expanded Managed Configurations to provide a common method of passing preferences and configurations to any Android application or device. Over 80 features supported by Android Enterprise APIs standardize how those commands are received and applied. Managed Configs, specifically designed to standardize enterprise deployments, might warrant updating the ad-campaign from “be together, not the same” to “same same, but different.” 

Recently, OEMConfig was introduced as an extension of Managed Configurations. Each OEM has different extensions available to configure proprietary features like scanners and buttons, (e.g. Zebra’s MX and Honeywell’s EZConfig). I previously mentioned how EMMs and developers often had to account for configuring OEM specific features by creating custom code in their tools. Now, Google has taken a step to bring order to those extensions by defining a schema that allows communication of what settings are available and applied.  EMMs can scan those proprietary features and present them in a GUI like Workspace ONE or SOTI MobiControl. Previously, if an EMM was missing an option (e.g. screen rotation for Samsung devices) it had to be programmatically set via intents or other custom code. Now, when an OEM adds a new feature — along with the managed config — the option is ready to be configured by admins instantly, bypassing the EMM feature release cycles.
OEM Configuration Process flow diagram

Standardizing device management schemas and APIs, Google has taken the burden of building extensions for each OEM off the shoulders of EMM companies and enabled OEMs to expose all possible configurations via managed configurations. EMMs can now spend more time building out other features for their products, rather than supporting device manufacturers’ implementations. 

Making Enrollment Easier for Company-Owned Devices 

New rapid enrollment methods leverage the Google Play Store for hosting and installing, effectively eliminating the need to manually stage a device ever again. Android now includes EMM enrollment methods built into the OS.  Before the release of Android Lollipop (5.0), devices required a hands-on manual process to enroll into EMM management. This sideload enrollment method was not only time consuming but also prone to permission issues and human error.

New enrollment types introduced in Android 6.0, 7.0 and 8.0 bring speed and simplicity while removing the need for a staging computer to sideload an EMM agent. In fact, the method of sideloading to set device administrator is deprecated in Android 9.0 and requires one of these new enrollment and management methods:

  • Zero-Touch (8.0): Designate a device to automatically enroll out-of-the-box after network connection
  • QR Code (7.0): Scan a QR Code from welcome screen to download and enroll from Play Store
  • NFC (6.0): Tap a parent device to instruct child device to download and enroll

How Managing Android Devices is No Longer an Afterthought for Google

If we reference the way BlueFletch defines the management of Android platform stack, you will see how Google has begun to shift their strategy to include more capabilities. We define the Android platform from the ground up consisting of 4 capabilities, or layers:

Android Platform Stack
  • Image: the base operating system, Android OS
  • Configuration: operational and functional settings, e.g. OEM specific additions like scanners
  • Customization: business specific look-and-feel settings
  •  Deployment: applications installed on device 

In the early years, Android in the enterprise focused on the base Image exclusively and left everything else downstream. Today, they have moved beyond just the image and now have solutions for all areas of the stack. The OEMConfig addition by Google leverages Android Managed Configurations to provide OEMs a consistent and reusable way to allow their proprietary features to be configured. The Customizations available in Android have long been a competitive advantage over iOS, and we’re seeing enterprises leverage replacement Launchers like the BlueFletch Enterprise Launcher to display branding that looks and feels in line with corporate branding. For Deployment, Google has made a big push to require applications deploy via the Play Store rather than legacy sideload method leveraged by MDM/EMMs. A managed Google Play account is associated with each device in Device Owner mode automatically, eliminating another step for administrators for setup. These enhancements are all free of charge to the end-users and are Google’s value-add to their platform to ensure Android is the dominant OS in the enterprise for years to come

Looking Towards the Future

What Should You Be Doing Now to Prepare for Android Enterprise

 

If you haven’t yet made the switch to Android Enterprise, here are some things you should be doing now to prepare:

  1. Enroll all new devices with Android Enterprise Owner Mode as there is not an automated cutover from legacy Device Admin mode.  If you want to make the change in the future, it might warrant factory resetting all devices which can be especially painful if they are already distributed over a large area.
  2. Leverage OEMConfig for necessary device-specific settings but only those settings which cannot be managed via native EMM features.  This is because managed configurations for OEMConfig come down as a single payload and gets fully applied, even if just a single setting is switched and all other settings remain the same.
  3. If you are an enterprise application developer, leverage Managed Configurations for the app config and use the app feedback channel to understand how apps are truly configured within your MDM portal.
  4. Tell your VAR to use the zero-touch portal for simplified EMM enrollment and additional device security.  Even if a device is stolen and factory reset, it will continuously enroll back into corporate management without a bypass.

Closing Thoughts

All this dedicated development and continued progress with Android Enterprise got me thinking about what the future may bring from Google.  While I don’t think Google will be building their own complete EMM to compete with VMWare or SOTI, they have laid most of the groundwork required to accomplish this.  In theory, a UI is the main component missing from a full management solution by Google. The device can be enrolled into a Managed Google Account, where apps can be deployed to devices via Play Store. With Managed Configurations enabled by major OEMs, only a portal is missing to set all device settings via Android Enterprise APIs and the Android Device Policy app. Organization of devices into different regions/lines of business/functions has not yet been designed or developed, but would already be possible via roles/groups/accounts present in G-Suite organizations.

While we wait and see what Google does in this space, EMMs build out new features to further support IoT devices and leverage analytics + artificial intelligence to automate device management.  We can only guess how Google will continue to standardize Android Enterprise, but it has been an exciting shift for developers and admins accustomed to the pains of legacy management. Who knows… maybe Google will create a Pixel Rugged device to completely occupy all components of enterprise mobility.