Recent smartphone OS data from Kantar Worldpanel ComTech shows that Google’s Android is the world’s most popular operating system for mobile devices with a market share ranging between 65% and 88% throughout the world. Amazingly in 2017, only about ten years after its release, Android already became the world’s most popular operating system in terms of Internet usage across all device platforms combined when it overtook Microsoft Windows for the first time ever.

 

From consumer space to business users

Despite tremendous success in the consumer space, the lack of enterprise-grade security management features was a barrier for a long time that slowed down the adoption rate of Androids in the business world.

Before the release of Google’s device management program known as Android Enterprise (formerly Android for Work), Samsung’s SAFE-enabled devices were practically the only reasonable choice for security-aware organizations wishing to use Androids in their business. That’s no longer the case.

Android Enterprise is Google’s device management program which provides extensive security and remote management features for devices running Android 5.0 and newer across all device manufacturers, thus enabling the secure use of Android mobile devices in the business world too.

With two different modes of Android Enterprise, organizations can choose to control either the company-owned devices entirely with the Work-Managed-Device mode, or secure the work apps and data residing on an employee-owned device by enclosing them in an encrypted container called the Work Profile. The Work Profile is an ideal solution for companies having a bring Your Own Device (BYOD) policy as it provides an out of the box solution for separating personal and business data.

An Android device BYOD and COPE scenario.

Devices with a pre-Android 5.0 version can be managed in Mobile Device Management (MDM) solutions without Android Enterprise, but there’s fewer management capabilities, especially for enforcing security on non-Samsung devices.

 

Security restrictions available through Android Enterprise in Miradore Online

In the earlier days, Android management often relied on the principles of ‘trust but verify’. This meant that you could add restrictions and monitor their presence on the device. However, in many cases restrictions could be removed by means of factory resets or with Google Device Manager.

Now with Android Enterprise, it is possible to deploy restrictions to the managed devices and prevent users from disabling them. All available restrictions are described in this article, but just to name a few, it is possible to do the following:

  • Control which apps are approved
  • Deny application uninstallation
  • Lock down Wi-Fi and Bluetooth settings so e.g. only approved Wi-Fi networks can be accessed
  • Deny location sharing
  • Disable Outgoing NFC
  • Disable Screenshot capturing
  • Deny VPN configuration
  • Deny copy-pasting between business and personal profiles
  • Deny Factory reset

In the Work Managed Device mode, more restrictions are available, and they apply to the entire device since the Miradore Online client is the owner of the device. In the Profile Owner mode, the restrictions only apply to the applications and services inside the container since the Miradore Online client operates as the profile owner of the work data and has limited control outside of the work profile.

 

There’s more…

Automatically enroll and setup your Android devices with Android Enterprise.

Restrictions aren’t the only benefit of managing Androids with Android Enterprise. Miradore Online users also enjoy automatic device setup including the deployment of applications and configurations when a device is powered on for the first time. They can also deploy applications to the managed devices silently, as well as customize the selection of the Play Store by preapproving apps that are available to the device users.

 

How do I get started?

The functionality is available for all Miradore Online Enterprise Plan subscribers. All you need to get started is a Google account. Once you’ve got one, follow the instructions here to set things up, and then follow the rest of the documentation here. Below, you can also find a webinar recording which walks you through the Android Enterprise setup and configuration process:

 

For our Free and Business plan users, just enable your Enterprise Plan trial and you can try it out for 14 days with no commitments. If you’ve already used up your trial period, give us a shout. We’ll hook you up with another. And if you’re not a user yet, get started now! It only takes a minute to have your first device enrolled.

Esa Hietikko

Esa Hietikko

Content Manager at Miradore Ltd
Esa Hietikko has been working for Miradore since 2010 when he joined our team to complete his traineeship. Now he holds a M.Sc. in Computer Science from the University of Eastern Finland, and works as a Content Manager for Miradore. | LinkedIn
Esa Hietikko