google

android bloatware in business

android device arrive with alot of preinstalled app like facebook, flipboard, skype and for sure google service (youtube,maps,gmail,etc.) – for private use this is anoying, but for business it is essential to secure the usecase

android enterprise

when enabling Android Enterprise for Kiosk/Company devices, during setup the default apps could be disabled with this switch – PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED – Samsung offers this with it’s KNOX Mobile Enrollment and google with buildin zero-touch service

be aware that you loose the native camera app if your usecase require one

device management

after your device is enrolled in mobile device managment system (emm, uem or whatever) your able to restrict installed apps by package name, apps differ from device manufaturer and os level, package names also useful to arrange/allow in kiosk setup, for samsung XCover4s these are:

  • com.samsung.android.messaging
  • com.sec.android.app.samsungapps
  • com.samsung.android.calendar
  • com.samsung.android.email.provider
  • com.sec.android.app.myfiles
  • com.sec.android.gallery3d
  • com.sec.android.app.clockpackage.clockpackage
  • com.sec.android.app.clockpackage.alarm.alarmalert
  • com.google.android.gm
  • com.google.android.youtube
  • com.google.android.googlequicksearchbox
  • com.sec.android.app.fm
  • com.google.android.apps.maps
  • com.samsung.android.contacts
  • com.samsung.android.dialer
  • com.samsung.android.game.gamehome
  • com.sec.factory.camera
  • com.sec.android.app.camera
  • com.sec.android.app.clockpackage
  • com.sec.android.app.sbrowser
  • com.microsoft.skydrive
  • com.facebook.katana

adb tools

remove bloatware from a single device or find from from a reference device locally connected

  1. install USB drivers for your device
  2. download & install ADB tools
  3. enable Developer Options & USB debugging
  4. plug in your device into the computer
  5. open a terminal and type: adb devices
  6. will return the ID of your device
  7. in adb shell with: adb shell
  8. list all installed packages: pm list packages
  9. to remove packages type: pm uninstall -k -user 0 <package name>

take care to not disable system critical apps of android, check here

google, technology

android pie enterprise

announced device administrator deprecation pushing android enterprise futher to…

improving productivity, security, and digital wellbeing for the enterprise

key facts for enterprise are:

  • better realisation (separation) of work profiles
  • deaper support for single purpose devices
  • advanced security

arrow

read more: enterprise features of android p

already rolling out android 9 to pixel devices, huawei mate 20 get it preinstalled, huawei is pushing hard in android enterprise recommenced, device running android oreo should get updates quicker as before because of google’s project treble

@google

proof: my huawei still got google august security update

apple, general, google, innovation

preconfigure outlook

with it’s current release of microsoft outlook app for ios and android it is possible to preconfigure via enterprise mobility suite @microsoft

following values are suppoted for android, a step further for android enterprise to get rid of the “almost”

configure_outlook2

for ios refer to apple’s managed app configuration and it’s key value pairs

within windows10 there are some possiblities to preconfigure an email profile in outlook, even via emm

arrow read more: outlook supporting oauth, ios12 added exchange payload

other mircosoft office apps don’t support these functionality – graph api is the approach, any vendor can integrate with intune to use it as middleware to manage office apps – a powerful api with the intelligence in microsoft’s hands

microsoft_graph.png

 

 

general, google, technology

android (almost) enterprise

…launched in 2015, renamed in 2017 from android for work and now it’s time for enterprises to adopt android’s modern device management

androidenterprise2.pngapproach of google to manage devices, regardless of any vendor, to better integrate android in enterprise

device admin api’s started deprecating some features, emm system unable to reset device passcode for android 7.0 devices, google will deprecate further in android “p” release in 2018 and stop working with major release of android in 2019

not yet – tested a lot of android’s feature to get a markable footprint in enterprise, realized use cases to bring value for customers but unfortunately android enterprise can’t replace device admin, that’s why…

enrollment – apple’s devices can centralized ordered, prepared and assigned to an emm system via dep (device enrollment program) – google’s pendant zero touch enrollment is currently just available for android 8.1 and pixel devices – samsung got it’s own knox mobile enrollment (kme) which depends on the installed knox version and is for sure just available for samsung devices – a fully managed samsung device via android device owner needs at least knox version 2.8, otherwise you need to prepare all devices locally via qrcode or nfc

certificate authentication is a basic requirement for a secure enterprise deployment, with am emm you’re able to enroll client certificates and distribute via android enterprise to mobile devices – but with current emm tools it’s further possible to achieve a seamless authentication with kerberos constrained delegation, the continuous synchronisation is provided even a user change his password

vpn started a full device tunnel for windows notebooks, beginning with ios is was possible to configure dynamic vpn based on domain rules, even vpn connection can secure a single app, with android enterprise it is possible to setup the vpn just for work content – was missing? a simple “on demand” could stop draining battery life from “always on” vpn or prohibit mistakes if forgot to “manually” enable it

reliability – inconsistent experience noticed – depending of build version, huawei ignore that device passcode is already set – lenovo yoga missing android enterprise enrollment capability – when sending a (private) picture via (secure) mail, login to work container, attachment lost in mail – honor device completly ignore passcode policy for work container – convert phone number to link in gmail is just working sometimes @theverge 

use cases could realized with android enterprise, e.g. silent app and unattended certificate installation is possible for non-samsung devices could , comparing to device admin, but there’s space for improvement…

androidenterprise.png