Skip to main content
Matrix42 Self-Service Help Center

Android Enterprise Integration

Solution Summary

Android Enterprise is a Google-led initiative to enable the use of Android devices and apps in the workplace. Android Enterprise offers the following benefits:

Easy Activation

  • Enabling Android Enterprise works with any (non G-Suite Account) Google account 

For corporate owned devices

  • A fully locked-down mode for complete corporate ownership with optional personal account creation 
  • Corporate ownership activation during Out-of-the-box experience
    • DPC Identifier Enrollment 
    • Device Owner mode enablement
  • Utilization of deployment programs, where devices receives during the Out-of-the-box experience corporate configuration
  • A corporate Google Play portal, which contains only Administrator approved applications for enterprises
    • Managed Play
  • An easy configuration schema for Administrator approved applications
    • Managed Configurations
  • Zero Day support for device configurations provided from manufacturers through OEM Configuration applications. 
  • A single application mode for Kiosk-like applications, which is named COSU (Corporate-Owned, Single-Use)
  • Silent application installation without the need of personal Gmail accounts.

For personal owned devices

  • Ability to create a dedicated corporate workspace on a personal used device
  • Adding a work profile to Google Play, which contains Administrator approved applications for enterprises
  • Application installation inside the corporate workspace
  • An easy configuration schema for Administrator approved applications
    • Managed Configurations
  • Zero Day support for device configurations provided from manufacturers through OEM Configuration applications. 

Key Terms:

These key terms are associated with Android for Enterprise and will help you to understand how the configuration is working with Silverback and how to configure the deployment settings. 

DPC Identifier Enrollment

During the out of the box experience on Android and Samsung devices, any user is questioned to add a Google Account to the device if the device is not added to a deployment program. At this point, the setup can be directed into two different deployment options for business purpose. When the user enters a personal Gmail account, the device is intended as a personal device, where afterwards a Work Profile can be configured on top. 

For corporate owned devices, a user or administrator can start here immediately with the activation of a corporate account on the device. For that, a DPC Identifier will be provided in the username field. For Matrix42 and Silverback the DPC Identifier is afw#matrix42. After entering the DPC Identifier and proceeding, the setup directs to download our Companion application, which will be used to activate the device owner mode and finish the enrollment process into Silverback. 

Device Owner

Corporate-owned deployments are supported by the device owner mode of operation. A device owner mode can only be activated during the Out-of-the-box experience with the DPC identifier and activated Managed Account. With the device owner activation all Administrator gains more control over devices. 

Work Profile

Work Profiles are indented for personal owned devices and can be configured in Silverback inside any Tag. They are designed for "Bring your own device"  and "Corporate -Owned, Personally Enabled" scenarios and will create a dedicated corporate workspace on a personal used device. 

Managed Account

Instead of using a personal Gmail account for Google Services like Google Play, a Managed Account can be distributed to corporate and personal owned devices. This account will be created and assigned from the Mobile Device Management system to the user's device. In a recommended scenario in Silverback, the Managed Account is configured in a Tag with Auto population set to Device Owner as Yes. It will be used for the corporate Google Managed Play and will be applied for all devices enrolled during the out of the box experience. For employee owned devices which will receive the Work Profile, e.g with an enabled Auto population Tag to Personal devices, the Managed Account is automatically applied when users are selecting the personal ownership at the self service portal and devices will receive a Tag configuration with an enabled Work Profile. 

Managed Play

Managed Play is simply the managed Google Play store on managed Android Enterprise devices and is the central point, where users can download Administrator approved applications. When adding a Managed Account to corporate or personal devices, the Managed Google Play store will use this account for downloading administrator approved applications. If a personal account is setup on the devices, users can switch inside the Google Play application between the personal Google Play and Managed Play section. On device owner (corporate) enrolled devices, Administrators can prevent adding manually accounts to the device to prevent the usage of personal Google accounts on devices for users.

Managed Configuration

On Android Enterprise, Google offers application developers a framework to provide in an easy and streamlined way application configuration options to Mobile Device Management systems. With that, Administrators can easily query, display, and configure available configurations for Managed Play apps through the Management Console. This is the go-to approach for all application configuration on managed devices with Android Enterprise.  

COSU

The COSU (Corporate-Owned, Single-Use) solution set is designed for corporate-owned devices that fulfill a single use case, such as digital signage, ticket printing, or inventory management. This allows administrators to further lock down the usage of a device to a single app or small set of apps, and prevents users from enabling other apps or performing other actions on the device. COSU Mode is applicable for devices configured in the Device Owner Mode. 

Zero-Touch Enrollment

Zero-touch enrollment (ZTE) is a streamlined process for Android devices to be provisioned for enterprise management. Zero-touch makes it simple to configure corporate devices online and have them shipped with enforced management so employees can open the box and get started. When devices are added to Zero-touch, users will recognize during the out of the box experience that the device belongs to an organization and depending on the configuration, devices will be automatically added into the management or users will start with the self service enrollment process or users are capable to scan their provided QR-Code to finish the enrollment process. 

Knox Mobile Enrollment 

As an alternative to Zero Touch Enrollment, Samsung offers Knox Mobile Enrollment (KME). Knox Mobile Enrollment streamlines the initial setup and enrollment of Samsung corporate devices. The procedure is like that of Zero Touch Enrollment, in which administrators are creating configuration profiles, which will be applied to devices during the out of the box experience and are influencing the enrollment options and experiences for users.  

OEM Configuration

OEM Configuration is a feature or a paradigm of how the management of Android devices will evolve in the future. When we look back to the history of the Android Management it offered a set of useful and enterprise ready controls and all manufacturers needed to find their own enterprise strategies and thus, their own management APIs. Within the greatly working Android Enterprise Management platform, Google and device manufacturers are underlying new capabilities to create an easy adoptable device management. In a nutshell, device manufacturers will provide API management with separate applications, and you as an Administrator can configure these applications in Silverback.

Knox Service Plugin

The Knox Service Plugin (KSP) is a good example of how device manufacturers are leveraging the OEM Configuration with a solution that enables to use Knox Platform for Enterprise features as soon as they are commercially available. You as an Administrator can use the Knox Service Plugin to enable a wide range of Knox management features with Knox Platform for Enterprise policies on your managed devices. This automatic deployment method ensures that you can use the latest Knox features on the day it is launched. Refer to the official Knox Service Plugin Administrator Guide and Android Enterprise VII: Knox Service Plugin for additional information. 

 

 

  • Was this article helpful?