google, technology

android pie enterprise

announced device administrator deprecation pushing android enterprise futher to…

improving productivity, security, and digital wellbeing for the enterprise

key facts for enterprise are:

  • better realisation (separation) of work profiles
  • deaper support for single purpose devices
  • advanced security

arrow

read more: enterprise features of android p

already rolling out android 9 to pixel devices, huawei mate 20 get it preinstalled, huawei is pushing hard in android enterprise recommenced, device running android oreo should get updates quicker as before because of google’s project treble

@google

proof: my huawei still got google august security update

apple, general, google, innovation

preconfigure outlook

with it’s current release of microsoft outlook app for ios and android it is possible to preconfigure via enterprise mobility suite @microsoft

following values are suppoted for android, a step further for android enterprise to get rid of the “almost”

configure_outlook2

for ios refer to apple’s managed app configuration and it’s key value pairs

within windows10 there are some possiblities to preconfigure an email profile in outlook, even via emm

arrow read more: outlook supporting oauth, ios12 added exchange payload

other mircosoft office apps don’t support these functionality – graph api is the approach, any vendor can integrate with intune to use it as middleware to manage office apps – a powerful api with the intelligence in microsoft’s hands

microsoft_graph.png

 

 

general, google, technology

android (almost) enterprise

…launched in 2015, renamed in 2017 from android for work and now it’s time for enterprises to adopt android’s modern device management

androidenterprise2.pngapproach of google to manage devices, regardless of any vendor, to better integrate android in enterprise

device admin api’s started deprecating some features, emm system unable to reset device passcode for android 7.0 devices, google will deprecate further in android “p” release in 2018 and stop working with major release of android in 2019

not yet – tested a lot of android’s feature to get a markable footprint in enterprise, realized use cases to bring value for customers but unfortunately android enterprise can’t replace device admin, that’s why…

enrollment – apple’s devices can centralized ordered, prepared and assigned to an emm system via dep (device enrollment program) – google’s pendant zero touch enrollment is currently just available for android 8.1 and pixel devices – samsung got it’s own knox mobile enrollment (kme) which depends on the installed knox version and is for sure just available for samsung devices – a fully managed samsung device via android device owner needs at least knox version 2.8, otherwise you need to prepare all devices locally via qrcode or nfc

certificate authentication is a basic requirement for a secure enterprise deployment, with am emm you’re able to enroll client certificates and distribute via android enterprise to mobile devices – but with current emm tools it’s further possible to achieve a seamless authentication with kerberos constrained delegation, the continuous synchronisation is provided even a user change his password

vpn started a full device tunnel for windows notebooks, beginning with ios is was possible to configure dynamic vpn based on domain rules, even vpn connection can secure a single app, with android enterprise it is possible to setup the vpn just for work content – was missing? a simple “on demand” could stop draining battery life from “always on” vpn or prohibit mistakes if forgot to “manually” enable it

reliability – inconsistent experience noticed – depending of build version, huawei ignore that device passcode is already set – lenovo yoga missing android enterprise enrollment capability – when sending a (private) picture via (secure) mail, login to work container, attachment lost in mail – honor device completly ignore passcode policy for work container – convert phone number to link in gmail is just working sometimes @theverge 

use cases could realized with android enterprise, e.g. silent app and unattended certificate installation is possible for non-samsung devices could , comparing to device admin, but there’s space for improvement…

androidenterprise.png