With the adoption of BYOD (Bring Your Own Device), businesses are offering their employees freedom to use their mobile devices for both personal as well as official use. Though this flexibility to combine business and personal world is considered progressive for businesses, it also makes them vulnerable to a host of security threats and other risks.
BYOD enables personal devices to have ready access to business data anytime, from anywhere. Think about a company’s business data lying next to data sharing and social media apps. Easy access to both business and personal email accounts, unmonitored sharing, copy-pasting activities causes business data under constant security threat and prone to accidental or intentional misuse.
The mounting pressure to implement security solutions for BYOD means not only implementing the right infrastructure that could support BYOD program but also accommodate employees’ privacy and satisfaction.
A BYOD solution requires considerable support from OS platform to make it secure and robust. This is the reason most Android BYOD solutions available in the market so far are either very limited to specific device manufacturers (like Samsung) or require enterprise apps to be integrated with an SDK. Both the above limitations are counter-intuitive to the open and inclusive philosophy of BYOD. Finally, Google comes to the rescue.
Android for Work is an enterprise program from Google which helps companies providing access to business apps and data to employee phones, securely, without interfering with user’s personal data. Android for Work creates a secure isolated container, at operating system level, separating business data from personal data. With no changes required in Android native user interface and in android application, all business apps can be easily deployed and securely accessed from work container.
42Gears is now a Google Android for Work Solution Provider.
SureMDM integration with Android for Work provides a flexible and effective solution to enable employee personal phones for work and counter security risks that come with it. It not only enables admins to create secure work container by separating business and personal apps but also restricts functions like copy, pasting to and from work apps, opening a corporate attachment, files, and links in personal apps and browsers. In addition, SureMDM also offers:
Dedicated Google Play Store – Admins can select and approve enterprise apps (from Google Play store or in-house apps) for employees. Users can then access and install these from Google Play for Work inside a container.
Disabled app side loading – Admin can block installation of apps from Unknown Sources inside work container.
Customized App Permissions – Admin can exercise fine-grained control by allowing and revoking individual permission requested by apps.
Managed Configuration – Enterprise apps which support Android’s Managed Configurations framework can be remotely configured using SureMDM.
Enterprise Wipe – When an employee leaves the company, admin can just wipe work container, deleting all apps and data within, leaving personal apps and data untouched.
More information regarding Android for Work can be found here.
How to enroll SureMDM account with Android for Work?
1. Login to SureMDM Web Console
2. Once on SureMDM Home Screen, click on EMM
3. On EMM screen, under Android, click on Enroll AFW
4. This will take you to play.google.com, sign in with your Gmail account and click on Get Started
5. Enter your organization’s details and click on Confirm
6. On Setup complete page, click on Complete Registration go back to SureMDM Web Console
7. On SureMDM Web Console, you will get a message – “Successfully enrolled your enterprise” and you will see two new options on Android EMM screen –
- AFW Apps – This option shows the list of Enterprise Approved Apps. To approve AFW Apps, go to Google Play for Work, log in using the same Gmail account enrolled with AFW and start approving apps.
- Settings – This option allows you to change store layout, keep track of Enterprise Approved Apps and licenses and option to un-enrol from Android for Work
How to configure SureMDM Nix Agent with Android for Work account?
1. Once you have enrolled your SureMDM account with AFW as explained above, go to your Android device and install SureMDM Nix Agent
2. Go to Nix agent Settings, tap on AFW Settings
3. On AFW Settings, tap on Enroll your device and proceed with the enrolment process. For devices older than Android 6.0, you might be required to encrypt your phone to complete the enrolment process. Please follow on screen instructions to do so.
4. At the end of the process (which can take few minutes), SureMDM will create a secure AFW container on your device. You can verify this with AFW badge appearing on Nix icon on Android home screen.
How to approve applications to your Play for Work account
1. Login to https://play.google.com/work with your registered Gmail ID
2. Search for any public app and press Approve button to approve it for your enterprise
Note : To approve any in-house private app, read here.
How to push AFW Work Profiles using SureMDM Web Console
1. Login to SureMDM Web Console and go to EMM
2. On EMMscreen under Android click on Add
3. On Work Profile prompt, give a name to the profile and make desired changes under following four options:
- Password Policy – Set password policy for the device user.
- System Settings – Set policies to enable or disable certain system settings like USB debugging, install from unknown sources and more.
- Application Policy – Click on Add to add an application from your Play for Work list of approved applications.
4. Click on Save to complete
5. Now, go back to SureMDM Home Page, select the device or groups and click on Apply
Note: You can also make any EMM profile as default. This gets auto applied to any newly enrolled device in SureMDM.
Once these setup steps are taken care of, you can rest assured, for any new device enrolling into SureMDM, your business apps, and data are secured without compromising on your employees’ productivity, privacy and satisfaction.
To read more about SureMDM, click here.