Category filter

Unattended remote access management for Android devices

In this document, we will learn how to set up unattended remote access for Android devices.

Managing a group of devices often presents challenges, such as device malfunctions, app crashes, or corrupted drivers. In these situations, IT administrators work diligently to resolve the issues. However, troubleshooting becomes even more difficult when some devices are remote and unsupervised. Accessing such devices remotely for troubleshooting using remote view or control can be challenging, as these actions typically require user permissions at the device end.

Hexnode now offers a solution to remotely view and control Android devices without requiring the user to grant permissions before a remote view/control session. With Unattended remote access management, the devices are configured to silently enable remote view/control when the admin initiates a remote session from the Hexnode console.

Notes:

The Remote Access Management feature is not supported on Android TVs.
The feature will only work on the following devices,

Non-Android Enterprise devices running Android version 13 and earlier.
Devices enrolled in Android Enterprise as Device Owner running Android version 9 and later.
ROM enrolled devices running Android version 10 and later.
Devices with the latest version of Hexnode Assist app installed.
Devices with Accessibility settings enabled for the Hexnode Assist app. For devices enrolled using the Hexnode MDM app (Device Admin), accessibility settings need to be enabled for the Hexnode Assist app up to Android 13.

Unattended Remote Access Management on Android devices

To setup unattended remote access management on Android devices,

Login to the Hexnode UEM portal.
Go to Policies, select an existing policy or click on New Policy to create a new one.
Navigate to Android > Troubleshooting > Remote Access Management and click Configure.
Choose from the following options:
1. Silently enable remote viewing of the device screen
  
  Check this option, to enable unattended remote access to remotely view and control Android devices. This option is applicable for the devices enrolled using Hexnode MDM (Device Admin) app and for the devices enrolled in Android Enterprise as Device Owner.
2. Enforce Accessibility permission to silently control the device screen
  
  Check this option, to enforce Accessibility permission and enable unattended remote access to remotely view and control the devices enrolled using Android’s ROM enrollment.
3. Silently access files on the device
  
  Check this option to allow administrators to access the device’s files and folders via File Explorer in Hexnode without requiring user approval. When this option is enabled, users will not receive a prompt for permission when the administrator accesses the files and folders.
  
  This option is applicable to devices enrolled using the Hexnode MDM (Device Admin) app. For devices enrolled in Android Enterprise – Device Owner, the admin can access files and folders silently by default.
  
  When this option is enabled, you can configure the following option as well:
  
  Silently download files from the device
  
  Check this option to allow administrators to download files from devices to the administrator’s device without requiring user approval. The File Explorer feature for Android devices streamlines this process.

Associate policy with the devices/groups

If the policy has not been saved,

Navigate to Policy Targets > +Add Devices.
Choose the target devices and click Ok. Click Save.
You can also associate the policy with device groups, users, user groups, or domains from the left pane of the Policy Targets tab.

If the policy has been saved,

Go to the Policies tab and choose the desired policy.
Click on Manage drop-down and select Associate Targets.
Choose the target entities and associate the policy.

What happens at the device end?

Upon successfully associating the policy, the following behavior will be observed on:

Devices enrolled with the Hexnode MDM (Device Admin) app,
1. A pop-up notification will be displayed by the Hexnode MDM app, requesting permission to enable Accessibility settings for Hexnode Assist application. This is a one-time mandatory requirement for unattended remote session to proceed.
2. If this notification is canceled on the device, the Remote Access Management policy will still be applied. However, when a remote session is initiated, the notification will be displayed again on the device screen, this time with a 60-second time limit for the user to accept or decline the session. If the user does not respond within this time frame, the initiated remote session will be automatically terminated.
3. Every time the admin initiates a session, the device will continue to receive the notification with a 60-second limit for the user to accept or decline the request, until the Accessibility settings are enabled for the Hexnode Assist application.
Once Accessibility settings are enabled for the Hexnode Assist app on the device, admins can remotely access the device without any end-user intervention.
For devices enrolled in Android Enterprise as Device Owner,
1. The Accessibility permission is enforced silently on the device and unattended remote management requires no user interaction.

Unattended remote access for Android devices in kiosk mode

To initiate a remote session on an Android device, accessibility settings must be enabled for the Hexnode Assist app. In the case of an unattended remote access session on a kiosk-mode Android device enrolled via the Hexnode MDM (Device Admin) app, users at the device end need access to the Settings app to enable these accessibility settings for the Hexnode Assist app.

If the Settings app is included in the kiosk, users can access it to enable Accessibility settings for Hexnode Assist. Else, admins can configure the following options in Peripheral Settings from Hexnode to allow Accessibility settings in kiosk mode.

Login to your Hexnode portal, navigate to Policies.
Select an existing policy or create a new one by clicking New Policy.
From Kiosk Lockdown > Android Kiosk Lockdown, select Peripheral Settings and click Configure.
Check on the following options under Network settings,

Users can enable Accessibility settings:

Check this option to add Accessibility settings to the Peripheral Settings list on the kiosk.

Once the device enters the kiosk mode later, a Settings app icon will appear alongside the apps in the kiosk home screen. Tapping on it will allow users to access the Peripheral Settings list from the device.

From there, they can enable Accessibility settings for the Hexnode Assist application.

When this option is enabled, you can configure the following 2 other options:

Auto exit Accessibility Menu in seconds: Set a timer to automatically exit the Accessibility Menu after a specified duration from the moment it is opened on the device.
Remove Accessibility settings once permission is granted for Hexnode Assist app: Once Accessibility settings permission is granted for the Hexnode Assist application, the Accessibility settings will be removed from the list of Peripheral Settings. This option will be available again if the Accessibility settings are disabled on the device settings.

Once the accessibility settings are enabled for the Hexnode Remote Assist app, administrators can initiate unattended remote access to remotely view and control devices without any further end-user intervention.