How Managed app configurations simplify Enterprise device management?
An overview of Managed configurations and their benefits for the enterprises
Get fresh insights, pro tips, and thought starters–only the best of posts for you.
Alessia Forster
Jun 1, 2021
11 min read
Our workspaces have never remained static; it has come a long way from the legacy Windows OS, accommodating many fewer known concepts, including the BYOD (Bring Your Own Device). With BYOD emerged the new trend of employees using their personal devices for work. Though it simplified the work of the employees, its challenges weren’t something that could be ignored. A need for effective work and personal app segregation and enterprise app management was what surfaced as an immediate consequence. For accommodating this trend, while ensuring security, Google began implementing APIs for extending its control over Android devices.
We then witnessed its rapid evolution from the Device Admin API to the Android for Work, launched initially as an optional solution that was then made a mandatory component for manufacturers. And it was this Android for work that was renamed to what we now know as the Android Enterprise.
Android Enterprise has reduced the device management burden on the IT teams to a great extent. To dive deeper into Android Enterprise, it is important to familiarize yourself with some of its terms. Let’s have a look at some of these
An Android Enterprise solution comprises three major elements; the EMM console, Android device policy, and the Managed Google Play, which works in unison to manage the different endpoints.
Mobile devices have come a long way from their communication-only use case, evolving into an all-in-one tool capable of managing a business. And this wouldn’t be possible without the vast array of apps that we now have on our devices.
“The Google Play app revenue has grown from 15 billion in 2016 to 38.6 billion in 2020”
Now users can easily access and record enterprise data without any restrictions. Though this seems like an advantage, it can easily turn into a disadvantage without an effective device management mechanism in place capable of securing data, potentially turning these devices into weak data-exposing links. EMM solutions have developed a lot of features that make app management easier. Let’s take a look at how Hexnode makes this possible.
Managed Google Play is the Android Enterprise’s store that allows you to select, purchase and manage your organizational apps. Hexnode allows you to easily approve and add Managed Google Play apps to the app inventory from the Managed Google Play and directly deploy them to the target devices.
As enterprise apps are specially designed for organizations, they can’t be distributed publicly through the Play store. Hence, EMMs have a pivotal role here. They distribute these apps to the required targets by initially adding them as APK files, Manifest URLs or as Managed Google Play apps into the Hexnode app inventory.
These apps are uploaded as Android Package (APK) files to the Hexnode app inventory. These can then be distributed to the targets specifically or to all the devices in bulk.
Enterprise apps can be added to the hexnode app inventory by adding the Manifest URL or the direct download link to the APK files
Android Enterprise allows its users to distribute apps specific to their organization by publishing them privately in Managed Google Play. For apps to be added privately in the Managed Play Store, you need to have a developer account and get your app approved. You can learn more about developer account creation and app approval here.
These apps can be easily added to the Hexnode app inventory by selecting the required apps from the Private apps section in the Managed Google Play.
Silent App installation is yet another aspect that simplifies the app installation process. Organizations can easily install the required apps to the work devices without waiting for user consent. The devices enrolled in Android Enterprise as device owner supports the silent installation. For profile owner devices, the apps added as private apps can be pushed to the devices silently.
Updating Enterprise apps has become a no-brainer with Hexnode in place. You can easily replace the old APK with a new file or modify the manifest URL for upgrading the previously added app version. The updated version will automatically get added to the device if the app was installed via a mandatory app policy. Otherwise, it will need to be initiated again through any of Hexnode’s methods. Updating the required app can also be carried out by adding the higher version of the app as a new app and pushing it to the devices directly.
Sometimes aesthetics is often a forgotten aspect when we focus too much on the more technical aspects of management. Hexnode solves this issue too. It allows you to arrange apps in pages and create clusters within these pages depending on the various departments or the purposes that these apps serve, giving them a better sense of order.
Setting permissions and configurations for Enterprise apps before pushing the same to target devices can help restrict all those app aspects that are not required from an enterprise standpoint. It helps organizations have better control over the device apps. For a browser, while configurations include aspects like allowing images, JavaScript, cookies etc., on sites to allowing or blocking access to a list of URLs, permissions usually follow a yes-or-no approach, enabling or restricting aspects like location, reading contacts, recording audio etc.
One of the prime areas of app management that can never be compromised is its security. Sometimes we unknowingly ignore certain app-specific features, which eventually create issues by emerging as sources of vulnerabilities. Hexnode’s advanced restrictions help you avoid these issues by sealing most of the sources of vulnerabilities.
With this option enabled, Google verifies the app content for the absence of harmful behavior before installation. This helps avoid instances of app-related security issues.
Disabling these options prevent users from controlling any app-related action like installation, uninstallation, clear app data, clear cache and related aspects. This curbs all instances of data loss or device tampering knowingly or unknowingly from the user end, thus securing enterprise data.
App installation from unknown sources can act as a direct entry point for threats. It is usually recommended to disable the same for enterprise use cases as most applications can be deployed remotely through MDMs, and a need for such app installations rarely arises.
When devices fall out of the organization’s compliance requirements, measures can protect corporate apps and data. One such implementation is the work container deactivation. When the device becomes non-compliant, the work container deactivates, and all the apps in the container will remain hidden. The container gets reactivated again once the device regains its compliance.
A handful of devices is now running our enterprises. Android is becoming its major element due to its wide popularity. It is also a flexible platform undergoing many new implementations in device aspects as per the Enterprise needs. This is where EMM providers struggle with device management. With many OEM providers in place, implementing new features as per the different OEM requirements into device management solutions is not an easy process.
OEMConfig emerged as a solution to this problem. With this new Android standard called OEMConfig, device makers could easily make custom features universally supported by EMMs, putting an end to the time-consuming process of integrating different APIs from OEMs separately.