Support BYOD devices with Android Enterprise using SureMDM

 

With the adoption of BYOD (Bring Your Own Device), businesses are giving employees the freedom to use their mobile devices for both personal and official use. Though this flexibility to combine the business and personal worlds is considered progressive, it also makes businesses vulnerable to a host of security threats and other risks.

BYOD gives personal devices ready access to business data anytime, from anywhere. Think about a company’s business data lying next to data-sharing and social media apps. Easy access to both business and personal email accounts, unmonitored sharing, and copy-pasting put business data under constant security threat and leave it prone to accidental or intentional misuse.

The mounting pressure to implement security solutions for BYOD means not only implementing the right infrastructure to support a BYOD program but also accommodating employees’ privacy and satisfaction.

A BYOD solution requires considerable support from the OS platform to be secure and robust. This is why most Android BYOD solutions available in the market so far are either limited to specific device manufacturers (like Samsung) or require enterprise apps to be integrated with an SDK. Both limitations run counter to the open and inclusive philosophy of BYOD. Finally, Google comes to the rescue.

Android Enterprise is an enterprise program from Google that helps companies provide secure access to business apps and data on employee phones without interfering with the user’s personal data. Android Enterprise creates a secure, isolated container at the operating system level, separating business data from personal data. With no changes required to the native Android user interface or to Android applications, all business apps can be easily deployed and securely accessed from the work container.

42Gears is now a Google Android Enterprise Solution Provider.

SureMDM integration with Android Enterprise provides a flexible and effective solution to enable employee personal phones for work and counter the security risks that come with it. It not only enables admins to create a secure work container that separates business and personal apps but also restricts functions such as copying and pasting to and from work apps and opening corporate attachments, files, and links in personal apps and browsers. In addition, SureMDM also offers:

  Dedicated Google Play Store – Admins can select and approve enterprise apps (from Google Play store or in-house apps) for employees. Users can then access and install these from Google Play inside a container.

  Disabled app side loading – Admin can block installation of apps from unknown sources inside work container.

  Customized App Permissions – Admin can exercise fine-grained control by allowing and revoking individual permission requested by apps.

  Managed Configuration – Enterprise apps which support Android’s Managed Configurations framework can be remotely configured using SureMDM.

  Enterprise Wipe – When an employee leaves the company, admin can just wipe work container, deleting all apps and data within, leaving personal apps and data untouched.

More information regarding Android Enterprise can be found here.

There are two ways to enroll SureMDM account with Android Enterprise:

  1.  Using Gmail Account
  2.  Using Managed Google Account

1. Using Gmail Account

The following steps are involved in enrolling SureMDM with Android Enterprise:

  • Enroll SureMDM with Android Enterprise
  • Download and enroll SureMDM Nix Agent with Android Enterprise on the device
  • Approve applications on your Play for Work account
  • Create and push Work Profiles using SureMDM Web Console

Enroll SureMDM account with Android Enterprise

To enroll SureMDM with Android Enterprise, follow these steps:

1. Log in to SureMDM Web Console.

2. On SureMDM Home Screen, click Profiles.

3. Select Android > Enroll Android Enterprise.

4. On Enterprise Enrollment prompt, select Enroll using your Gmail account.

Note: G Suite will not be supported by Managed Google Play Account. Select a non-G Suite account.

5. On Google Play screen, click Sign In to log in with the Gmail account and click Next.

6. Enter your organization name in Business Name and click Next.

7. Enter EU Representative details: Name, Email, Phone and click Confirm.

A message will be displayed on completion of Android Enterprise setup.

8. Click Complete Registration.

Once Android Enterprise is enrolled to the MDM account, two new options are visible in the Profiles > Android screen.

  1. AFW Apps

Under AFW Apps, there are the following options:

  • Login to Google Play for Work – This option displays the list of Enterprise Approved Apps. To approve apps, go to Google Play for Work, log in using the same Gmail account enrolled with Android Enterprise and start approving apps.
  • Configure Store Layout – Admin can use the basic layout or create a new page to display all Enterprise Approved Apps.

  2. Settings – This option lets the admin change the store layout, keep track of Enterprise Approved Apps and licenses, enroll devices directly in COSU using QR code enrollment, and unenroll from Android Enterprise.

Download and enroll SureMDM Nix Agent with Android Enterprise on the device

Once the SureMDM account is enrolled with Android Enterprise, the device also needs to get enrolled with the Android Enterprise account. This process gets started with configuring SureMDM Nix Agent with Android Enterprise.

To configure Nix agent with Android Enterprise, follow these steps:

1. Install SureMDM Nix Agent on the Android device.

2. Enroll the device with SureMDM account by giving Account ID.

3. Go to Nix Agent Settings, tap Android Enterprise.

4. On Android Enterprise Settings, tap Enroll your device.

5. On Provision Enterprise screen, tap Set up managed profile on this device.

6. Go through the terms and conditions and tap Accept & Continue.

Once you accept and continue, Work Profile setup will proceed.

Once done, SureMDM will create a secured Android Enterprise container on the device. The device user can verify this by the small orange briefcase badge that appears on SureMDM Nix Agent.

Note: For devices older than Android 6.0, the user needs to encrypt the device to complete the enrollment process. You can follow on-screen instructions to do so.

 

Approve applications to your Play for Work account

1. Log in to https://play.google.com/work with your registered Gmail ID.

2. Search for and select any public app and click Approve to approve it for your enterprise.

The approved apps will then be listed.

Note: To approve any in-house private app, read here.

Create and push Work Profiles using SureMDM Web Console

1. Log in to SureMDM Web Console and click Profiles.

2. On Profiles screen, go to Android tab and click Add.

3. On Work Profile prompt, give the profile a name and make the desired changes under the following three options:

  • Password Policy – Set password policy for the device user.
  • System Settings – Set policies to enable or disable certain system settings like USB debugging, install from unknown sources and more.
  • Application Policy – Click Add to add an application from your Play for Work list of approved applications.

4. Click Save to complete.

5. Now, go back to SureMDM Home, select the device or a group and click Apply.

Note: You can also make any Profile the default. The default Profile is automatically applied to any newly enrolled device in SureMDM.
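
A check an admin could run on a Work Profile before applying it, covering the three options above plus the copy/paste restriction mentioned earlier. This is an added example, not SureMDM code or a SureMDM export format: the JSON layout, the package names and the minimum password length are assumptions, and only the restriction keys are real Android UserManager restriction names.

```python
import json

# Android UserManager restriction keys matching the controls the article names;
# the JSON layout around them is hypothetical, not a SureMDM format.
REQUIRED_RESTRICTIONS = {
    "no_install_unknown_sources": "sideloading allowed inside the work container",
    "no_debugging_features": "USB debugging allowed",
    "no_cross_profile_copy_paste": "copy/paste from work to personal apps allowed",
}
MIN_PASSWORD_LENGTH = 6  # assumed baseline; the article gives no value


def audit_profile(profile, approved_apps):
    """Return a sorted list of findings; an empty list means the profile passes."""
    findings = []
    enabled = set(profile.get("restrictions", []))
    for key, risk in REQUIRED_RESTRICTIONS.items():
        if key not in enabled:
            findings.append(f"{key} missing: {risk}")
    password = profile.get("password_policy") or {}
    length = password.get("min_length") or 0
    if length < MIN_PASSWORD_LENGTH:
        findings.append(f"password min_length {length} is below {MIN_PASSWORD_LENGTH}")
    for package in profile.get("applications", []):
        if package not in approved_apps:
            findings.append(f"{package} is not an approved app")
    return sorted(findings)


# Constructed sample data: an approved-app list and two profile definitions.
APPROVED = {"com.example.mail", "com.example.docs"}
WEAK = json.loads("""{
  "name": "byod-draft",
  "restrictions": ["no_install_unknown_sources"],
  "password_policy": {"min_length": 4},
  "applications": ["com.example.mail", "com.example.games"]
}""")
HARDENED = json.loads("""{
  "name": "byod-baseline",
  "restrictions": ["no_install_unknown_sources", "no_debugging_features",
                   "no_cross_profile_copy_paste"],
  "password_policy": {"min_length": 8},
  "applications": ["com.example.mail", "com.example.docs"]
}""")

if __name__ == "__main__":
    for p in (WEAK, HARDENED):
        print(p["name"], audit_profile(p, APPROVED) or "OK")
```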

 

2.  Using Managed Google Account

The following steps are for enrolling SureMDM with Android Enterprise using managed Google account:

  • Enroll SureMDM with Android Enterprise
  • Activate Android Enterprise’s BYOD profile on the device

Enroll SureMDM with Android Enterprise

To enroll SureMDM with Android Enterprise, follow these steps:

1. Log in to SureMDM Web Console.

2. On SureMDM Home Screen, click Profiles > Android > Enroll Android Enterprise.

3. On Enterprise Enrollment prompt, select Enroll Using Your Managed Google Account.

4. Enter Google Managed Domain and Token ID and click Enroll.

Note: To generate Token ID, follow these steps:

1. Browse to admin.google.com in a browser.

2. Enter G Suite admin domain ID and Password.

3. Click Login.

    Google Admin console will appear.

4. In Google Admin console, click Security option.

5. In Security window, click Show more.

6. Click Manage EMM provider for Android > Generate Token.

Token will be generated.

Copy the generated token and paste it in Token ID field in SureMDM Web Console.

Once Android Enterprise is enrolled to the MDM account, two new options are visible in the Profiles > Android screen.

  1. AFW Apps

Under AFW Apps, there are the following options:

  • Login to Google Play for Work – This option displays the list of Enterprise Approved Apps. To approve apps, go to Google Play for Work, log in using the same Gmail account enrolled with Android Enterprise and start approving apps.
  • Configure Store Layout – Admin can use the basic layout or create a new page to display all Enterprise Approved Apps.

  2. Settings – This option lets the admin change the store layout, keep track of Enterprise Approved Apps and licenses, enroll devices directly in COSU using QR code enrollment, and unenroll from Android Enterprise.

Activate Android Enterprise’s BYOD profile on the device

To activate BYOD profile on the device, follow these steps:

1. On the device, navigate to Settings > Users and accounts > Add Account.

2. Enter domain User Name and Password. These are the credentials that are registered for Android Enterprise.

3. Go through the Terms of Service and tap I agree to continue.

SureMDM Nix Agent app will be displayed for Google account.

4. Tap Install.

SureMDM Nix Agent app will start downloading.

5. Go through the terms and conditions and tap Accept & Continue.

Once you accept and continue, Work Profile setup will proceed.

Once done, SureMDM will create a secured Android Enterprise container on the device. The device user can verify this by the small orange briefcase badge that appears on SureMDM Nix Agent.

Once these setup steps are taken care of, business apps and data in the enrolled device are secured without compromising on your employees’ productivity, privacy and satisfaction.

To read more about SureMDM, click here.

 
