ras-slava - Fotolia
Android device management relies on open source application program interfaces -- primarily the Android Device Administration API. Many kinds of Android apps can make use of these APIs, from third-party email clients to enterprise mobility management agents.
To get started with Android device management, review the list of policies these Device Administration APIs can control to determine how they support your own needs. For example, Android policies can enforce the use of device passwords, minimum length and complexity requirements, maximum failed login attempts and more. Policies can also require storage encryption, disable the camera, remotely lock or wipe a device or prompt the user to set a new password.
Devices running Android 4.0 Ice Cream Sandwich or later broadly support these basic mobile device management policies, but there are certain limitations, depending on the device's make, model and operating system version.
To remotely view or set these policies, you must install an app that implements the necessary Device Administration APIs. For example, Android's native email client supports remote wipe and password enforcement APIs, and Microsoft Exchange ActiveSync can remotely manage them.
Advanced Android device management
If you're looking for more extensive capabilities, however, you'll want to purchase an EMM product from vendors such as VMware AirWatch, BlackBerry, IBM, MobileIron or SOTI.
On Android, each EMM product is paired with an agent app that the user or IT must install on a device, either through a company's Web server or right from the Google Play store.
During installation, the user must grant device admin rights to the agent, which then accepts remote commands from the EMM product, providing IT with control over Android mobile device management and perhaps additional policies.
Android 5.0 Lollipop introduced a new, built-in form of device management, known as Android for Work. New capabilities offered through Android for Work include:
- Installation of Android apps that doesn't require user involvement;
- Remote app configuration;
- A secure container for managed apps; and
- Better insulation of managed apps from malicious apps that may exist outside the container.
Android for Work capabilities require an EMM product that interfaces with a Device Policy Client. Enterprises that want to use Android for Work must first complete a domain registration process with Google, configure a profile and add users to the registered domain to apply the profile to managed devices.
Although Android for Work is built into Android 5.0, it can also run on Android 4 devices that install Google's Android for Work app.
Here's everything you need to know about managing Android devices
Get to know Android for Work features
What you should look for in a Mobile device management system
Dig Deeper on EMM tools | Enterprise mobility management technology
Related Q&A from Lisa Phifer
Is there a difference between a wireless access point and a router? Yes. While the two devices are related, they meet different needs in a Wi-Fi ... Continue Reading
A remote access VPN connects remote users from any location to a corporate network. A site-to-site VPN, meanwhile, connects individual networks to ... Continue Reading
Network managers and users might opt to set up two VPN connections at the same time, from the same remote device. But that might not be possible -- ... Continue Reading