Geek Speak Blog | Barcoding

SOTI & Android Offers Management Options for any Deployment

Written by SOTI | May 16, 2019

From strictly locked-down devices to personally-enabled & dedicated-use scenarios, SOTI shows how easy it is to deploy an Android managed device.

The Challenge

When it comes to corporate-owned devices, there is no “one-size fits all”. Work-Only or Dedicated Purpose devices remain mission critical for regulated, high security and high availability situations. Increasingly, employees expect to only carry one device for work and personal use. Devices for dedicated scenarios such as kiosks or shared task-workers are increasingly transforming workflows, offering real-time customer service at a lower total cost. The catch is that they need to be maintained remotely and efficiently. In all cases, corporate data must remain protected.

Download the One-Pager!

The Android Difference

Android provides a consistent managed device mode and app ecosystem across a diverse range of over 170 manufacturers, from affordable smartphones for communication, to ruggedized tablets for the most demanding of environments. SOTI MobiControl leverages the Android Enterprise framework to enable the most consistently comprehensive management across your whole device fleet.

SOTI Android+

SOTI takes the powerful Android Enterprise framework a step further to deliver the truly differentiating features that our customers have come to demand in managing their mobility deployments.

Differentiating features available with Android Enterprise on SOTI MobiControl

  • Remote Control – The fastest and most robust Remote Control in the EMM industry
  • HTML-based Lockdown Screen - Highly-customizable lock screen to secure the device against improper and unauthorized use
  • Package Deployment – Schedule app rollouts and deploy them silently without user intervention
  • Antivirus – Integrated anti virus engine, powered by BitDefender, to complement Google Play Protect
  • Polygon-based Geofencing – Create geofences of any shape or size for specific location-based policies
  • Speed Lockdown – Lockdown the device at predefined speeds, minimizing distractions and liability
  • OS Updates – Support for OEM specific upgrades (i.e. Zebra OS Upgrade & Samsung E-FOTA)
  • Configure APN – Configure Access Point Name settings for private cellular network (Android P)

Android Work Managed Device

From Android 6.0 Marshmallow and later, Android devices on SOTI MobiControl support a comprehensive OS-level managed device mode for corporate-owned devices, bringing consistency across device manufacturers, and allowing every app on the Google Play Store to be used out of the box. Managed device mode on SOTI MobiControl gives critical capabilities for corporate owned devices:

Theft Protection - Ensure devices cannot be reset, used for another purpose, or resold.

Device Management - Apply management controls to everything that happens on the device, from lock screen to encryption, VPN to app install.

Remote Diagnostics and Forensics - Remotely audit activity on devices or debug issues for users.

Android Offers 3 Depployment Types:
SOTI MOBICONTROL is Validated for all 3

Work-only Managed Device - Prevent users from adding personal accounts to devices and maintain the device for work-only purposes.

Dedicated-Purpose Device - Lock an app (or a suite of apps) to the screen for devices that are dedicated purpose, such as kiosks or task-worker devices. It can also hide system navigation and settings to avoid distracting users and ensure minimal support calls. Apps are managed entirely remotely, with no browsable Google Play Store made available.

Personally-enabled Device* - Enable Android’s OS-level container (called a work profile) on a managed device, to allow users to use personal applications and data, while ensuring that corporate applications and data remain separate. The work and personal profiles run side-by-side in the home screen of the device, with work apps and notifications badged with a briefcase. Users can arrange apps however they wish without affecting where data is stored, all while IT retains overall control of the work profile only.

Securing Work Data

SOTI MobiControl makes it easy for our customers to leverage the lifecycles and policies of an Android managed device. Policies can be enforced, including the following critical elements, for preventing data loss:

Screen Lock - Enforce minimum complexity on the whole device or only on the work profile

Encryption - Storage encryption is on by default and enforceable by policy.

App Distribution - Use Managed Google Play Accounts to curate your own enterprise Google Play Store. You explicitly authorize which apps can be installed on a managed device that will have access to corporate data.

VPN - Secure app traffic on the network through a variety of VPN options, including the ability to ensure only apps in the work profile can use the VPN, or device-wide VPN to secure all communications.

Additionally, in the work profile, you can enforce:

Data Separation - Enforce separation between a user’s personal and work data at the OS kernel, ensuring partitioning of corporate data down to the process, memory and storage level.

Copy/Paste - Prevent data being copied from work apps and pasted into personal apps.

Inter-app Sharing - Specify which work apps can share data with personal apps or block sharing entirely.


Device Enrollment

Managed devices must be enrolled from an out-of-box or factory-reset state for security reasons. Several enrollment options are available, depending on your use case:

Zero-touch Enrollment** - Pre-configure devices for SOTI MobiControl enrollment & management before they’re unboxed.

NFC* - User taps their device to a programming device. Great for admins mass-enrolling devices into MobiControl.

QR Code* – Similar to the NFC approach. User scans a QR code. Easier than typing and can be sent by email.

EMM Token - User enters a pre-defined code. Easy to send by email, or SMS.

Conclusion

Android managed devices provide comprehensive and consistent device management, with features for personal enablement or dedicated device deployments, allowing you to cover every use case. Android’s managed device mode enhanced with SOTI MobiControl Android+ is the best way to deploy corporate-owned Android devices in the enterprise.

* Android 7.0 (Nougat) and above
** Supported on selected zero-touch carriers or devices only