Best Practices for Company-owned Android Device Management

Android device for work can be a challenge.

Since companies adopting BYOD policy have reached a proportion of 85% after the pandemic, this practice exposes security problems and 57% of technology executives feel unsafe about equipment lacking management.

It makes sense. Malware and data theft could happen to employees' Android devices and lead to a data breach. Also, a lost device brings risks to the company.

That's not surprising that enterprises require Android Mobile Device Management.

However, this isn't always feasible to govern devices owned by employees for the suspicion of privacy invasion.

Company-owned device policy tackles the concern. It allows deeper management of mobile devices and centrally secure them.

As the global trend of working remotely has made mobile devices weigh heavily in work-related activities, company-owned Android device management has become the key to business growth.

This article is here to meet your need. Read on and learn how to start company-owned Android device management.

Method 1 : Manage by Google Workspace
Method 2 : Manage by Android MDM Tool

Part 5 : FAQs

Part 1 : What is Company-owned Android Device?

Company-owned Android device is an Android OS facility as well as the company property that is secure and administrated by the organization, and use for work purposes.

Three popular categories are regarded as cooperated-owned Android devices:

1COPE (Corporate-owned, Personally Enabled)

A corporate-owned, personally enabled device can be a mobile phone, tablet, or laptop that distributes by the company but allow to use by an individual.

Quite a few companies purchase Android Enterprise COPE to better control mobile devices without affecting personal use.

Android COPE has benefits for both the individual using them and the company they work for. By enabling to work from home, employees to take their work with the device and do not have to stay at the office.

2COBO (Company-owned, Business-only)

A COBO is a business-only device. For example, employees can use teamwork tools on the device to proceed with online tasks; or use a company-developed app to improve workflow efficiency.

Android COBO devices are more secure due to the complete control by the enterprise.

3Dedicated Device

A dedicated device is Android fully managed device that is commonly used in transport, logistics, and hospitality industry.

Its biggest characteristic is single-use and typically applies Kiosk Mode - a lock screen or applications feature that limits device usage.

Part 2 : What is Company-owned Android Device Management?

Enterprises with company owned device policy will need a solution to help with administration and security. When a company-owned Android device is unified with the MDM solution, the IT admin can access to device system, applications, data, and files. And those monitor and control operations are called company-owned Android device management.

With the Android Mobile Device Management solution, you can:

Manage all devices in your organization using a single, secure console.
Restrict device access to specific users and groups, or delegate admin role to individual employees.
Deploy patches and updates automatically to all devices in your organization.
Track usage and performance data for each device in your fleet.

Try 14-Day Free Trial

Part 3 : Deployable Content for Company-owned Android Device Management

Let’s take a close look at the specific managing content.

1. Device Inventory

Add or remove company-owned Android devices in your organization.

In the MDM console, you can view all enrolled device information, including device OEMs, binding time, battery capacity, available storage, network status, Wi-Fi mac address, etc.

2. User & Group

Set up user profiles or groups, granting them specific permissions and access to specific devices.

3. Security

Protecting devices and data is the most essential part of company-owned Android device management and is highly related to Android device deployment.

The following MDM features help with security:

Policy - it is used to block usage permission and set alarm conditions for abnormal devices.
Remote Access - it includes remote lock screen, remote reset password or wipe, real-time screen sharing, etc.
Kiosk Mode - it is a lockdown mode for apps, browsers, and networks.
Geofencing - it offers device location tracking and workflow alert.
2-step Verification - it is used to double authenticate users and re-bind lost devices.

4. Device Application

An IT admin can create an app whitelist and blacklist to limit application usage on the corporate device. Besides, releasing, updating and uninstalling apps are also available.

5. Workflow

You can create a workflow fleet to automatically execute operations.

6. Notification

Customize business messages and send them to device users. Or, block unnecessary notifications on devices.

7. Files

Customize business messages and send them to device users. Or, block unnecessary notifications on devices.

8. Report

Set up display content of reports, such as device status, user activity, triggered alert details, etc.

Part 4 : Best Practices to Manage Company-owned Android Device

As mentioned above, company-owned Android device has three subdivisions - COPE, COBO, and dedicated device for self-service - based on device users. The difference brings separate MDM solutions and as well as practices.

In this section, we will explore best practices for company-owned Android device management according to device sorts.

1Method 1: Manage by Google Workspace

Google Workspace, sharing the same original author with Android, is one of the best Android Enterprise MDM solutions for companies that adopt COPE and COBO policies.

The Google workspace device management cuts apart MDM interference and leaves private space to the employee who uses the company asset.

Now, follow these steps to configure Android devices on Google MDM.

Step 1.Log in to Google Workspace Admin Console.

Step 2.Enroll corporate device to WorkSpace.: Go to ‘Device’ - ‘Mobile & endpoints’ - ‘Company owned inventory.’ Click ‘+’ in the upper right corner.; Choose ‘Android’ in ‘Import company owned devices’ , then proceed with device info.

Step 3.Configure device policy.: Turn on advanced mobile management, which is a mode to activate device settings deployment. The button lies in ‘Devices’ - ‘Mobile & endpoints’ - ‘Settings’ - ‘Universal settings’ - ‘General’ - ‘Mobile management’.; Here are some policies that can be configured: VPN and Bluetooth settings; block Smart Lock; Work profiles, and others.

Step 4.Configure app policy.: Go to ‘Devices’ - ‘Mobile and endpoints’ - ‘Settings’ - ‘Android settings’ - ‘Apps and data sharing’ - ‘System apps’. Here you can block or allow apps on the company-owned Android device.

It’s worth noting that Google MDM can control the usage duration for Google Cloud services on web. In this way, device users can only use work tools, such as Gmail, during a certain period. It’s helpful to protect company resources.

2Method 2: Manage by Android MDM Tool

Using a third-party Android MDM tool is an ideal practice for company-owned Android device management.

You can enjoy comprehensive features and more compatible Android versions of the device.

Here, we will take AirDroid Business for instance. It is available for COPE, business-only devices, and corporate-owned single-use devices.

Brief intro: AirDriod Business is an enterprise device management tool specialized for Android devices, which is recognized by G2 2021-2023 Grid Reports, BBC, CNET, Crozdesk, Capttera, etc. It is available for mobile phones, tablets, rugged devices, custom devices, POS, kiosks, and digital signage.

Step 1.Enroll Devices to AirDroid MDM console.: Log into AirDroid Business and find Device Enrollment in Devices.; Choose Enrollment via Device Owner and tap 6 times on the screen. Then scan the QR code on the right.; Note: If you wish to preset conditions to the organization-owned device, you can create a template for Android device enrollment in Provisioning Templates in order to configure the setting automatically.

Step 2.Create Config File with Policy.: This will determine password configuration, app blocklist, feature restrictions, and general settings on the device.; Quick views for Policy config file:

Step 3.(Optional) Set up Kiosk Mode to Lockdown Device.: If desired, kiosk mode can be enabled to lock down company-owned Android devices. This will prevent users from accessing certain applications and websites.; It benefits devices used in school, logistic, retails, and businesses that offer self-service.; Learn more if you’re interested: What is Android Kiosk Mode & How to Set it up on Devices

Step 4.(Optional) Set up Geofencing to Track Location.: Geofencing is a feature to track on-site vehicles and personnel. You can set up alters and workflow when a company-owned device enters the delineated geographical scope.; In AirDroid Business, you can go to Geofence Mgmt and click New Geofence to set up the longitude, latitude, and radius for the corporate device.

Step 5.Invite Members and Assign Role.: You can invite and manage members to the MDM console in Devices > Members & Groups. An email with an invitation link will be sent to the user.; Several roles are offered: Super Admin, Admin, Team Member, and Viewer. Each enjoys different levels of management authority.

Step 6.Monitor Device and Remote Control if needed.: In AirDroid Console, you can monitor all enrolled device screens in real time. Besides, details including device network, CPU usage, and location can be checked. This helps find abnormal equipment immediately and avoid company property loss.; If a company-owned Android device is lost, you can implement remote lock and factory reset to prevent data leaks.; If you need to offer remote support for employees or your clients, AirDroid provides remote camera, Voice Call, Chat with Voice Message and Text, and others.; Moreover, a Black Screen Mode for maintaining an unattended facility under a non-visual screen.

Try 14-Day Free Trial

Part 5 : FAQs

?What's the difference between BYOD, COPE and fully managed device?

All three illustrate devices for work. However, their distinction is not based on the operating system, screen size or capability, but on the ownership and usage permission of the device.

Devices of the three can be smartphones, tablets, laptops, computers, e-readers, smartwatches, etc.

Specifically, BYOD is "Bring Your Own Device". It means that the employee owns the device and has certain access to company resource and use it at work. Generally, BYOD with Android OS enjoys a built-in feature - work profile to separate data and apps into personal use and work use.

COPE is short for "Corporate-owned Personally Enabled". It is the device distributed by the company and allows an employee to use it personally.

Fully managed device is a concept brought by Android Enterprise. It refers to a device that completely belongs to the company and is administratively controlled by an IT department. Fully managed device contains devices for self-services, such as digital signage and kiosk.

?How to remotely wipe company-owned android device?

If your device is enrolled in MDM console, you can wipe through it.

In AirDroid Business, you can first find the device you want to erase in Devices-Device List.

Click it and find Factory Reset in the panel. Then, enter the login password and confirm. Now, the wipe is completed.

?What is Android device management?

Android device management (ADM) is a term used to describe the process of managing Android devices by an organization. It typically includes the following features:

The ability to manage devices through a centralized console
The ability to remotely control devices
The ability to disable devices application
The ability to detect and diagnose device problems

?What is Google mobile device management?

Google mobile device management (GMD) is a term used to describe the process of managing devices with Google's proprietary
mobile management platform - Google Workspace. It typically includes the following features: