With the adoption of BYOD (Bring Your Own Device), businesses are offering their employees freedom to use their mobile devices for both personal as well as official use. Though this flexibility to combine business and personal world is considered progressive for businesses, it also makes them vulnerable to a host of security threats and other risks.
BYOD enables personal devices to have ready access to business data anytime, from anywhere. Think about a company’s business data lying next to data sharing and social media apps. Easy access to both business and personal email accounts, unmonitored sharing, copy-pasting activities causes business data under constant security threat and prone to accidental or intentional misuse.
The mounting pressure to implement security solutions for BYOD means not only implementing the right infrastructure that could support BYOD program but also accommodate employees’ privacy and satisfaction.
A BYOD solution requires considerable support from OS platform to make it secure and robust. This is the reason most Android BYOD solutions available in the market so far are either very limited to specific device manufacturers (like Samsung) or require enterprise apps to be integrated with an SDK. Both the above limitations are counter-intuitive to the open and inclusive philosophy of BYOD. Finally, Google comes to the rescue.
Android for Work is an enterprise program from Google which helps companies providing access to business apps and data to employee phones, securely, without interfering with user’s personal data. Android for Work creates a secure isolated container, at operating system level, separating business data from personal data. With no changes required in Android native user interface and in android application, all business apps can be easily deployed and securely accessed from work container.
42Gears is now a Google Android for Work Solution Provider.
SureMDM integration with Android for Work provides a flexible and effective solution to enable employee personal phones for work and counter security risks that come with it. It not only enables admins to create secure work container by separating business and personal apps but also restricts functions like copy, pasting to and from work apps, opening a corporate attachment, files, and links in personal apps and browsers. In addition, SureMDM also offers:
Dedicated Google Play Store – Admins can select and approve enterprise apps (from Google Play store or in-house apps) for employees. Users can then access and install these from Google Play for Work inside a container.
Disabled app side loading – Admin can block installation of apps from unknown sources inside work container.
Customized App Permissions – Admin can exercise fine-grained control by allowing and revoking individual permission requested by apps.
Managed Configuration – Enterprise apps which support Android’s Managed Configurations framework can be remotely configured using SureMDM.
Enterprise Wipe – When an employee leaves the company, admin can just wipe work container, deleting all apps and data within, leaving personal apps and data untouched.
More information regarding Android for Work can be found here.
How to enroll SureMDM account with Android for Work?
1.Login to SureMDM Web Console
2. On SureMDM Home Screen, click Profiles.
3. On Profiles screen, under Android, click Enroll AFW
4. This will take you to play.google.com, sign in with your Gmail account or G Suite account and click Enroll.
5. Sign in with the same Gmail account or different account and click Get Started.
6. Enter your organization’s details and click Confirm
7. On Setup complete page, click Complete Registration to go back to SureMDM Web Console
8. On SureMDM Web Console, you will see two new options on Android > Profiles screen –
- AFW Apps – This option shows the list of Enterprise Approved Apps. To approve AFW Apps, go to Google Play for Work, log in using the same Gmail account enrolled with AFW and start approving apps.
- Settings – This option allows you to change store layout, keep track of Enterprise Approved Apps and licenses and option to unenroll from Android for Work
How to configure SureMDM Nix Agent with Android for Work account?
1. Once you have enrolled your SureMDM account with AFW as explained above, go to your Android device and install SureMDM Nix Agent
2. Go to Nix agent Settings, tap Android For Work
3. On AFW Settings, tap Enroll your device and proceed with the enrollment process. For devices older than Android 6.0, you might be required to encrypt your phone to complete the enrollment process. Please follow on-screen instructions to do so.
SureMDM will create a secure AFW container on your device. You can verify this with AFW badge appearing on Nix icon on Android home screen.
How to approve applications to your Play for Work account
1. Login to https://play.google.com/work with your registered Gmail Id
2. Search for any public app and press Approve button to approve it for your enterprise
Note: To approve any in-house private app, read here.
How to push AFW Work Profiles using SureMDM Web Console
1. Login to SureMDM Web Console and click Profiles
2. On Profiles screen under Android click Add
3. On Work Profile prompt, give a name to the profile and make desired changes under following three options:
- Password Policy – Set password policy for the device user.
- System Settings – Set policies to enable or disable certain system settings like USB debugging, install from unknown sources and more.
- Application Policy – Click Add to add an application from your Play for Work list of approved applications.
4. Click Save to complete
5. Now, go back to SureMDM Home Page, select the device or groups and click Apply
Note: You can also make any Profile as default. This gets auto applied to any newly enrolled device in SureMDM.
Once these setup steps are taken care of, any new device enrolling into SureMDM, your business apps, and data are secured without compromising on your employees’ productivity, privacy and satisfaction.
To read more about SureMDM, click here.