Android Q Enterprise Features for EMM Admin

This is a brief analysis on the upcoming Android Enterprise Features in Android Q. Read the full notes here. Google has a habit of silently updating those documents, so I expect to update this post once subsequent iterations of Beta are released. The below is my sole opinion, and I welcome hearing yours. NB: it starts slow, the really great stuff is towards the 2nd half 🙂

(more…)
Advertisements

[iOS vs Android] OS and Application Updates

I frequently get this question from customers and partners: “How can I control Application and OS Updates in iOS and Android“. So I’ll drop a note here.

Update management includes:

  • Configuring the behaviour of OS upgrades (major), patches, public apps (via App/Play Store, VPP) and private apps (via App/Play Store or directly via EMM)
  • Scheduling updates to happen (or NOT happen) at specific times For example, do not update between 8AM and 6PM, when the user is working.
  • Manually pushing or rolling back an update to a single device or group of devices (troubleshooting, 0day immediate security patch etc)
  • Controlling the visibility of update to the user, or blocking an update to specific devices altogether (known compatibility issue with business/mission-critical apps)
  • Version control: i.e. upgrade to version X, not just to the latest version available. A very common case with public app stores.
  • Pre-release support: alpha/beta users, multiple adoption rings.
  • Controlling the updates delivery to that they only happen on Wi-Fi, or on Cellular.
  • Granular control of all of the above per device group/type, per user group/name/type, per app etc.
  • Controlling user ability to influence any of the above (allow costly cellular updates, defer/deny critical updates, update manually to an unsupported OS version etc)

Suddenly, things are not that simple, are they? Long story short, the winner is BY FAR the …Windows 10! 🙂 Watch the video on managing Win10 Updates with UEM here (tech and WorkspaceONE implementation and design/philosophy – much recommended). Now, let’s go back to iOS and Android an see what have we got there.

NB: This info may become out of date when new OS capabilities are released. If you notice anything outdated – leave a commend and I’ll update the post.

(more…)

Google Play Managed iFrame in Workspace ONE UEM (AirWatch) – App Collections

In two previous posts dedicated to the Managed Google Play iFrame we have covered Private Apps and Web Apps. The last feature of the iFrame interface is called Collections and allows you to organize the Work Play Store app layout, as well as shoot yourself in the foot a few times…

(more…)

Google Play Managed iFrame in Workspace ONE UEM (AirWatch) – Web Apps

In the previous post I have covered adding Private apps via the Google Play Managed iFrame for Android Enterprise. This time let’s deal with the Web Apps (links, web clips).

(more…)

Google Play Managed iFrame in Workspace ONE UEM (AirWatch) – Private Apps

In this post I will show a simple way to manage Private (Internal) Android Applications in Managed Play Store with WorkspaceONE UEM (AirWatch) using the Play Store Managed iFrame. This is important since it’s basically the only way to push Private apps to Android Enterprise Work Profile or COPE devices.

(more…)

Securing work contacts while keeping caller ID 02: Android

I had a week of customer meetings, each (literally!) asking the same question: “How can I prevent WhatsApp from grabbing the corporate contacts on my device?”

In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user experience (such as the Caller ID).

Table of contents:

(more…)

Securing work contacts while keeping caller ID 01: Android vs iOS

I had a week of customer meetings, each (literally!) asking the same question: “How can I prevent WhatsApp from grabbing the corporate contacts on my device?” This happens more often than you think – the infamous GetContact collected over 3.5B contacts in just a few months, all of which were officially available for sale! With GDRP in effect, how much could this cost?

Of course, both iOS and Android offer means to securely lock down enterprise data on BYOD devices. But this comes at a price of usability, the most cited problem being the caller it. We know that in the modern day an unhappy and discomforted user is essentially a backdoor waiting to happen. How can we keep this balance between security and productivity?

In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user experience (such as the Caller ID).

We will explore several approaches, their limitations and shortcomings for iOS and Android. This post lays the foundations and provides a TL:DR style summary/comparison of my current findings.

Table of contents:

(more…)