Android Enterprise is an enterprise program from Google which helps companies provide access to business apps and data on employee phones, securely, without interfering with user’s personal data. Android Enterprise creates a secure isolated container, at operating system level, separating business data from personal data. With no changes required in Android native user interface and in android application, all business apps can be easily deployed and securely accessed from work containers.
42Gears is now a Google Android Enterprise Solution Provider.
SureMDM integration with Android Enterprise provides a flexible and effective solution to enable employee personal phones for work and counter security risks that come with it. It not only enables admins to create secure work containers by separating business and personal apps but also restricts functions like copy, pasting to and from work apps, opening a corporate attachment, files, and links in personal apps and browsers. In addition, SureMDM also offers:
- Dedicated Google Play Store –Admins can select and approve enterprise apps (from the Google Play store or in-house apps) for employees. Users can then access and install these from Google Play inside a container.
- Disabled app side loading – Admin can block the installation of apps from unknown sources inside the work container.
- Customized App Permissions – Admin can exercise fine-grained control by allowing and revoking individual permission requested by apps.
- Managed Configuration – Enterprise apps that support Android’s Managed Configurations framework can be remotely configured using SureMDM.
- Enterprise Wipe – When an employee leaves the company, the admin can just wipe the work container, deleting all apps and data within, leaving personal apps and data untouched.
Note: More information regarding Android Enterprise can be found here.
There are two ways to enroll SureMDM account with Android Enterprise:
- Using Gmail Account
- Using Managed Google Account
Enroll SureMDM with Android Enterprise using Gmail Account
The following steps are involved in enrolling SureMDM with Android Enterprise:
- Enroll SureMDM with Android Enterprise
- Download and enroll SureMDM Agent with Android Enterprise on the device
- Approve applications on your Play for Work account
- Create and push Work Profiles using SureMDM Web Console
Steps to enroll SureMDM with Android Enterprise using Gmail Account
- Login to SureMDM Web Console.
- Go to Settings and further to Account Settings
- Click on Android Management and select Android Enterprise Enrollment
- Click Enroll Android Enterprise
- On the Enterprise Enrollment prompt, select Google Play EMM API
- Next select Enroll Using Your Gmail Account radio button
Note: G Suite will not be supported by Managed Google Play Account. Select a non-G Suite account. - On the Google Play screen, click on Get Started and log in with the Gmail account.
- Enter your organization name in Business Name and click Next
- In the Contact Details screen, enter the details, check the Agreement Declaration, and click Confirm
- Click Complete Registration
- Navigate again back to the Android Enterprise Enrollment section to view the enrollment status.
Steps to download and enroll SureMDM Agent with Android Enterprise
Once the SureMDM account is enrolled with Android Enterprise, the device also needs to get enrolled with the Android Enterprise account. This process gets started by configuring SureMDM Agent with AndroidEnterprise.
1. Install SureMDM Agent on the Android device.
2. Launch the SureMDM Agent and click Get Started
3. Next there will be 2 options to choose
- Work Profile Enrollment
- Device Admin Enrollment
4. Choose “Work Profile Enrollment” and click on Continue.
5. Enter the SureMDM Account ID and Server Path
6. Click on Accept & Continue to Set up the Work profile.
7. Follow the on-screen instructions to finish the Work Profile setup
Once done, SureMDM will create a secured Android Enterprise container on the device. The device user can verify this with a small orange briefcase badge appearing on SureMDM Nix Agent.
Note: For devices older than Android 6.0, the user needs to encrypt the device to complete the enrollment process. You can follow on-screen instructions to do so.
Steps to approve applications to your Play for Work account
1. Login to https://play.google.com/work with your registered Gmail ID.
2. Search and select any public app and click Approve to approve it for your enterprise.
Note: To approve any in-house private app, read here.
Steps to create and push Work Profiles using SureMDM Web Console
1. Login to SureMDM Web Console and click Profiles.
2. On the Profiles screen, go to the Android tab and click Add.
3. On the Work Profile prompt, give a name to the profile and make desired changes. For example,
- Password Policy – Set password policy for the device user.
- System Settings – Set policies to enable or disable certain system settings like USB debugging, install from unknown sources, and more.
- Application Policy – Click Add to add an application from your Play for Work account.
- File Sharing Policy – Use this section to configure the File Sharing Policy
4. Click Save to complete.
5. Now, go back to SureMDM Home, select the device or a group and click Apply.
Note: You can also make any Profile as default. This gets auto applied to any newly enrolled device in SureMDM.
Enroll SureMDM with Android Enterprise using Managed Google Account
The following steps are for enrolling SureMDM with Android Enterprise using managed Google account:
- Enroll SureMDM with Android Enterprise
- Activate Android Enterprise’s BYOD profile on the device
Steps to enroll SureMDM with Android Enterprise
- Login to SureMDM Web Console.
- Go to Settings and further to Account Settings
- Click on Android Management and select Android Enterprise Enrollment
- Click Enroll Android Enterprise
- On the Enterprise Enrollment prompt, select Google Play EMM API
- Next select Enroll Using Your Managed Google Account radio button
- Enter Google Managed Domain and EMM Token and click Enroll.
Note: To generate Token ID, follow these steps:
- Browse to admin.google.com in abrowser.
- Enter G Suite admin domain ID and Password.
- Click Login. Google Admin console will appear.
- In the Google admin console, click Security option.
- In the Security window, click Show more.
- Click Manage EMM provider for Android > Generate Token.
- Copy the generated token and paste it in the EMM Token field in SureMDM Console.
- Android Enterprise will be enrolled to the SureMDM web console.
Steps to activate Android Enterprise’s BYOD profile on the device
1. On the device, navigate to Settings > Users and Accounts > Add Account.
2. Enter the domain User Name and Password. These are the credentials that are registered for Android Enterprise.
3. Go through the Terms of Service and tap I agree to continue.
SureMDM Agent app will be displayed for the Google account.
4. Tap Install and the SureMDM Agent app will start downloading on the work container
5. Go through the terms and conditions and tap Accept & Continue.
Once you accept and continue, setting up the Work Profile will progress.
Once done, SureMDM will create a secured Android Enterprise container on the device. The device user can verify this with a small orange briefcase badge appearing on SureMDM Nix Agent.
Once these setup steps are taken care of, business apps and data in the enrolled device are secured without compromising your employees’ productivity, privacy, and satisfaction.
To read more about SureMDM, click here.
To register for a free trial of SureMDM, click here