Android Enterprise Mobility Management

Written by David Worthington on April 25, 2023

Share This Article

Supporting remote work has become part of the duties and responsibilities of small and medium-sized enterprises (SMEs). SMEs typically rely upon corporate-owned, personally enabled (COPE) and bring-your-own-device (BYOD) enterprise mobility strategies. Many organizations are turning to Android devices given the flexibility, manageability, and security benefits of the platform (it’s also immensely popular with users).

Apple’s strong brand loyalty creates the impression that it dominates the personal device space, but Android is in reality the #1 mobile OS. It makes up roughly 71% of global market share. Employees are more likely to be familiar with an Android interface, so it makes sense for SMEs to focus their efforts on Android.

Android’s robust enterprise mobility management (EMM) plays a key factor in this decision. Google created the Enterprise suite to win the workforce market share. It permits IT admins to securely manage their fleet of devices — whether employee or company-owned, with separate personal and work profiles.

This post defines Android EMM, explains how it differs from Android MDM, and how Android EMM can offer superior security and flexibility.

What Is Android EMM?

Android EMM enables organizations to distribute and manage Android devices and apps for employees to use in their daily work.

IT and security professionals can use Android Enterprise — a series of pre-built APIs and developer tools — to integrate Android with their enterprise mobility management solutions. Support for Android EMM involves connecting Android devices to an EMM console, then installing the Android Device Policy app and setting up Managed Google Play.

JumpCloud, an approved EMM provider, can then manage devices from its centralized administrative console. It includes all devices, from Linux and Windows PCs to Apple products. 

Android Enterprise Recommended providers meet an advanced set of enterprise requirements. Android Device Policy, a policy controller that’s built into Android, pulls management policies from your approved EMM provider and automatically applies it to every device.

Managed Google Play, a private app store, is used to apply app management capabilities that IT admins set, such as web app publishing, private app publishing, app organization, and public app search. With all this in place, users will only be able to install organization-approved apps.

What Is Android EMM Used for?

Android EMM is primarily used to manage BYOD devices, company-owned devices, and dedicated devices. Let’s explore these in more detail:

  • BYOD devices – With the rise of remote work, more and more organizations are adopting BYOD policies. Android EMM authorizes employees to use their own Android devices as they normally would for personal use while applying company policies and security settings to keep work-related apps and data safe. When implemented appropriately, organizations have full control over apps and data in the device’s work profile without insight into the device’s personal profile.
  • Company-owned devices – Many companies own and distribute their own Android devices to employees. Android EMM works the same way on these devices, too, controlling the apps, data, and settings in work profiles while personal profiles are kept separate for employee use. However, unlike a BYOD implementation, organizations can enforce device-wide policies, prohibiting the use of certain apps, restricting Wi-Fi, and blocking USB file transfers — even on personal profiles. The level of control varies between COPE devices and a fully managed device. Note that Android still maintains privacy for personal profiles even when devices are fully managed by internal IT. 
  • Dedicated devices – Android EMM can help IT ensure that devices are only used for an intended purpose as a kiosk, in-the-field tablet, point of sales, or even signage.

Simple and Secure Onboarding

Android EMM helps IT create a seamless, remote device onboarding experience using zero-touch enrollment or EMM tokens.

Zero-Touch Enrollment

IT professionals can use Android Enterprise to install Android zero touch provisioning (ZTP), which enrolls devices in MDM upon activation. ZTP is beneficial because it saves IT teams time and effort when deploying Android devices in bulk.

EMM Token Enrollment

IT teams may decide to use EMM tokens when provisioning Android devices for employee use using third-party tools. Admins install the MDM of choice on the device (if it’s not installed already), enroll the device, and then assign users from the MDM console. 

IT admins can provision devices that don’t support near-field communication as “Device Owner” or when a QR code scanner isn’t available.

NFC Method

Near-field communication (NFC) can be used to deploy a device enrollment token, initial policies, Wi-Fi, and other provisioning settings for fully managed or dedicated devices. 

QR Codes

An employee can begin the enrollment process by scanning a QR code on a company-owned device. This will start the provisioning process on new or factory reset devices. 

DPC Identifier

Admins can utilize the DPC identifier method when QR codes or NFC aren’t good options. The user connects a company-owned device to a Wi-Fi network and is then prompted by the setup wizard to sign in and enter “afw#setup”. An Android Device Policy is downloaded and then provisioning is handled through QR codes or manually entering an enrollment token.

Policy Deployment

Android’s policies allow admins to integrate new settings with their EMM console and associate specific policies to specific devices. So, once a device is enrolled in Android EMM, admins can use Android’s Policies features to automatically impose maintenance windows for updates, set minimum password requirements, install new apps remotely, and more.

For example: JumpCloud’s admin console has the option for custom JSON payloads but includes convenient pre-built policies such as establishing standard requirements for passcodes.

Manage Corporate Apps

Android EMM empowers IT and security teams to manage app access on any enrolled device. For example, IT may want to disable notifications, camera features, and location mode for a device solely intended for signage.

Data and Device Security

EMM helps IT teams improve their security posture by preconfiguring devices with phishing and malware protection via Google Safe Browsing and Play Protect. Managed Google Play restricts which apps are allowed on devices even further. EMM can also enable remote password resets, monitoring critical security functions, and wiping data from stolen devices.

What’s the Difference Between Android EMM and Android MDM?

Android EMM and Android MDM are similar, but there is one key difference: EMM manages the entire Android device in addition to securing its applications and data; whereas, MDMs are spot solutions that only manage specific Android device features on company-owned devices. 

Android EMM offers a holistic approach to device management, overseeing business apps, safeguarding corporate content, providing identity management and access privileges, network integration, compliance, and more — not just certain apps or settings. It also offers more flexible options for deployment models. Android EMM stores device data and controls device behavior from the cloud, so devices can be protected wherever and however they’re being used.

Complete Cross-Platform Device Management with JumpCloud

SMEs are embracing distinct BYOD and corporate-owned device (COD) policies, but monitoring those devices to ensure compliance and minimize the chances of data theft and cyberattacks is crucial. Centralizing identity, access, and device management capabilities is no longer a nice-to-have, it’s a must-have.

JumpCloud is an open directory platform that unifies identity, access, and device management capabilities, regardless of the underlying authentication method or device ecosystem. JumpCloud authenticates users whether they use biometrics, digital certificates, passwords, or SSH keys. Secure, frictionless access is fundamental for IT organizations, and is why JumpCloud ensures that every resource has the best way to connect to it on a managed device.

Ready to drastically limit potential security risks of BYOD and COD?

Try JumpCloud Android EMM for Free

Sign up for a free trial today to start managing your mobile (Android and iOS/iPadOS) devices efficiently from one console. Android EMM is included in the JumpCloud Platform, Platform Plus, or Device Management pricing package at no additional cost for existing customers.

David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.

Continue Learning with our Newsletter