What is Enterprise Mobility Management & What are the Different Business Options for Implementation?
Enterprise Mobility Management for Android Enterprise
When businesses want to increase their mobility, one of the first steps is to find an enterprise mobility management (or “EMM”) solution to help them manage all devices on their network. Commonly referred to as Mobile Device Management (or “MDM”), an EMM provides a way for enterprises to securely manage all of the devices in use by their organization. Android Enterprise offers APIs and other tools that developers use to build EMM solutions. From phones to tablets to wearables, Android Enterprise has device options for every industry and possible use case.
Bring Your Own Device – BYOD EMM
When it comes to using mobile devices for work, research has proven that employees typically prefer to use their own devices rather than having to carry around an additional company-provided mobile device. This is what we call Bring Your Own Device (or “BYOD”). BYOD for Android Enterprise allow an IT department to create a work profile on an employee device through the EMM portal. Work profiles function by storing all sensitive company information in a separate section of the device, which is controlled by IT. The work profile can be limited to specific apps or data that is needed by that specific employee. The partitioning happens in the background while leaving the employee’s personal data untouched and inaccessible by IT. All personal data remains on the primary profile and IT can only access the new work profile. The BYOD profiles provided by Android Enterprise EMM solutions make this employee-preferred solution possible.
Company-Owned Devices – Fully Managed & Fully Managed with Work Profile
Sometimes bringing your own device to use for work is not a feasible option, usually because an organization wants more control/security over its critical information. In this instance, a company will provide a company owned device for the employee to use. However, as mentioned above, most employees don’t want the added burden of carrying around two devices. Company owned devices have two management options possible: “fully managed devices”, and “fully managed devices with work profile”, which provides employees with the preferred single device option. Both options provide the organization with comprehensive control of the device.
If a company wants its employees to use the corporate owned device only for work, a fully managed deployment would be the best solution. Fully managed Android EMM solutions are for devices that are not intended to be used for anything personal. The IT department maintains complete control over the entire device, and they can create and enforce policies limiting the functionality of the device. The entire device can be wiped or locked down instantly in the event of certain triggers that can be pre-programmed by IT.
In certain situations, corporations provide a device to their employees and allow them to use that device for personal use as well. These situations are easily managed with Android Enterprise by utilizing a “fully managed device with work profile”. The enterprise will still own the device, and maintain complete control over the entire device, but they can set different policies for work profiles and personal use. For example, on the work profile, the company can enforce very strict policies regarding downloading and saving sensitive company information. They can make sure that this information is not accessible unless you are on the work profile. These security measures can be implemented without affecting any personal app permissions. The personal profile on the device can be used just as a normal personal device would, but the company still has access to lock down or wipe the device as necessary.
Corporate Owned Devices – Dedicated Use
In many cases, enterprises need to use a mobile device that is intended for one specific function. In this situation, Android Enterprise users would opt for “dedicated devices” (formerly referred to as COSU or “corporate owned single use” devices). Dedicated devices are popular in a variety of settings and industries since they allow customers or employees to complete only the one task needed. Android Enterprise EMM allows these dedicated devices to be locked down to run only one app (called kiosk mode), or even a group of specific apps, limiting their ability to do anything other than what the company needs. A good example of this is a device used in warehouses for inventory management (often a tablet). This device should not be used for anything except inventory management. Android EMM will allow you to make sure that tablet cannot exit the inventory management app and access other apps, such as email clients or internet browsers. The hospitality industry provides another example: many hotels worldwide are using tablets to speed up the check in process, and those tablets should not be used for any other purpose. Hotels can choose to lock down that tablet to the specific hotel branded app that allows them to fill in the details of their stay. No other feature on the tablet would be accessible. With an Android EMM solution, you can control features like the lock screen, keyboard, background display, as well as many other features.
Android Enterprise EMM – Complete EMM Solution
In order to have a complete Android Enterprise EMM solution, you must incorporate three critical components: 1) managed Google Play store, 2) a device policy controller (or “DPC”), and 3) your EMM console.
Managed Google Play store is an enterprise app platform like the regular Google Play store, but the managed Google Play store adds a set of capabilities for enterprises to manage the apps on their devices. IT can download apps and remotely distribute them to different devices on their network. The managed Google Play store comes free with any Android Enterprise device. It looks just like the regular, consumer Google Play store, but the only apps that an employee will see are the ones their IT department has whitelisted.
Every Android Enterprise device that a company is managing needs to install a DPC app. A DPC helps take the rules that your IT department created and applies them to the enterprise device. Some companies use Android’s DPC while others build custom DPC solutions.
The final component of the Android Enterprise EMM is the actual EMM console where the IT department will set the policies and manage the devices. IT admins integrate the EMM console with all the Android Enterprise APIs.
Android Enterprise & Zero Touch
In order to get any of the management settings mentioned above, Android devices need to be properly provisioned. Android Enterprise has created an effortless process through Zero-Touch. Zero-touch enrollment helps organizations deploy Android devices in bulk. IT admins create the provisioning rules through their EMM console and enroll the devices without ever having to see or touch them. The specific configurations are already in place before the device is ever activated by the employee.
For a more detailed primer on Zero-Touch, click here.
Other Methods to Enroll Android Devices
Though Zero Touch is the most convenient way of provisioning your Android devices, not every device is capable of that. There are many other ways to provision the devices, they just require a bit more hands-on work. Some of the common options are:
- QR code provisioning: When a device is first being setup by IT, they will use the device to scan a QR code that is generated by the EMM console. This QR code contains all the information needed to properly provision the device.
- NFC provisioning: Similar to using your phone as a digital wallet, NFC provisioning allows IT to “bump” the settings to each device.
- DPC-identifier: To use this method of provisioning, IT enters a specific DPC code that sends all settings to each device.
Enterprise Mobility Management for Android Enterprise
By now you should have a good idea of how enterprises use EMM solutions to deploy large scale mobile operations. When enterprises want to increase their mobility, Android Enterprise is the most logical solution. With a wide range of devices and management options, Android Enterprise makes the digital transformation simple for companies of all sizes. Contact Social Mobile today to find out how our Android Enterprise Mobility Management solutions can help your organization.