Category filter

Unattended remote access management for Android devices

In this document, we will learn how to set up unattended remote access for Android devices.

Managing a group of devices often presents challenges, such as device malfunctions, app crashes, or corrupted drivers. In these situations, IT administrators work diligently to resolve the issues. However, troubleshooting becomes even more difficult when some devices are remote and unsupervised. Accessing such devices remotely for troubleshooting using remote view or control can be challenging, as these actions typically require user permissions at the device end.

Hexnode now offers a solution to remotely view and control Android devices without user supervision. With Hexnode UEM’s Unattended remote access management, IT administrators can remotely access enrolled Android devices without requiring any user interaction.

Notes:

The Remote Access Management feature will only work on the following devices,

Non-Android Enterprise devices running Android version 13 and earlier.
Devices enrolled in Android Enterprise as Device Owner running Android version 9 and later.
ROM enrolled devices running Android version 10 and later.
Devices with latest version of Hexnode Assist app installed.
Devices with Accessibility settings enabled for the Hexnode Assist app. For devices enrolled using the Hexnode MDM app (Device Admin), accessibility settings need to be enabled up to Android 13.

Unattended Remote Access Management on Android devices

To setup unattended remote access management on Android devices,

Login to Hexnode UEM portal.
Go to Policies, select an existing policy or click on New Policy to create a new one.
Navigate to Android > Troubleshooting > Remote Access Management and click Configure.
Choose from the following options:

Silently enable remote viewing of the device screen

Check this option, to enable unattended remote access to remotely view and control the enrolled Android devices. This option is applicable for the devices enrolled using Hexnode MDM (Device Admin) app and for the devices enrolled in Android Enterprise as Device Owner.

Enforce Accessibility permission to silently control the device screen

Check this option, to enforce Accessibility permission and enable unattended remote access to remotely view and control the devices enrolled using Android’s ROM enrollment.

Associate policy with the devices/groups

If the policy has not been saved,

Navigate to Policy Targets > +Add Devices.
Choose the target devices and click Ok. Click Save.
You can also associate the policy with device groups, users, user groups, or domains from the left pane of the Policy Targets tab.

If the policy has been saved,

Go to the Policies tab and choose the desired policy.
Click on Manage drop-down and select Associate Targets.
Choose the target entities and associate the policy.

What happens at the device end?

For devices enrolled with Hexnode MDM (Device Admin) app,

A pop-up notification will be displayed requesting permission to enable Accessibility settings for Hexnode Assist application. This is a one-time mandatory requirement for unattended remote session to proceed.
If this notification is canceled on the device, the policy will still be applied. However, when a remote session is initiated, the notification will be displayed again, this time with a 60-second time limit for the user to accept or decline the session. After this period, the initiated remote session will be automatically terminated.
Admins can reinitiate the remote session, but it will only work if the Accessibility settings are enabled for the Hexnode Assist application. Until then, every time a remote session is initiated, the device will continue to receive the notification with a 60-second limit for the user to accept or decline the request.
Once Accessibility settings are enabled for the Hexnode Assist app on the device, admins can remotely access the device without any end-user intervention.

For devices enrolled in Android Enterprise as Device Owner,

Upon successful policy association the Accessibility permission is enforced silently on the device and unattended remote management requires no user interaction.

Unattended remote access for Android devices in kiosk mode

Android devices need to enable Accessibility settings for Hexnode Assist to allow unattended remote access for devices enrolled with the Hexnode MDM (Device Admin) app. Accessibility settings are part of the device’s Settings app. If the Settings app is not added to the kiosk, the following settings will help configure Accessibility settings in kiosk mode using Peripheral Settings.

Users can enable Accessibility settings:

Check this option to add Accessibility settings to the Peripheral Settings list. Once the device enters the Kiosk mode, a Settings icon will appear, allowing users to access the Peripheral Settings list. From there, they can enable Accessibility settings for the Hexnode Assist application.

When this option is enabled, you can configure the following 2 other options:

Auto exit Accessibility Menu in seconds: Set a timer to automatically exit the Accessibility Menu after a specified duration from the moment it is opened.
Remove Accessibility settings once permission is granted for Hexnode Assist app: Once Accessibility settings permission is granted for the Hexnode Assist application, the Accessibility settings will be removed from the list of Peripheral Settings. This option will be available again if the Accessibility settings are disabled on the device settings.