ras-slava - Fotolia

How do I get started with Android device management?

New and improved management features have made Android devices more suitable for enterprise use, and API and EMM tools can streamline the device management process.

Android device management relies on open source application program interfaces -- primarily the Android Device Administration API. Many kinds of Android apps can make use of these APIs, from third-party email clients to enterprise mobility management agents.

To get started with Android device management, review the list of policies these Device Administration APIs can control to determine how they support your own needs. For example, Android policies can enforce the use of device passwords, minimum length and complexity requirements, maximum failed login attempts and more. Policies can also require storage encryption, disable the camera, remotely lock or wipe a device or prompt the user to set a new password.

Devices running Android 4.0 Ice Cream Sandwich or later broadly support these basic mobile device management policies, but there are certain limitations, depending on the device's make, model and operating system version.

To remotely view or set these policies, you must install an app that implements the necessary Device Administration APIs. For example, Android's native email client supports remote wipe and password enforcement APIs, and Microsoft Exchange ActiveSync can remotely manage them.

Advanced Android device management

If you're looking for more extensive capabilities, however, you'll want to purchase an EMM product from vendors such as VMware AirWatch, BlackBerry, IBM, MobileIron or SOTI.

Each EMM product is paired with an agent app that the user or IT must install on a device.

On Android, each EMM product is paired with an agent app that the user or IT must install on a device, either through a company's Web server or right from the Google Play store.

During installation, the user must grant device admin rights to the agent, which then accepts remote commands from the EMM product, providing IT with control over Android mobile device management and perhaps additional policies.

Android 5.0 Lollipop introduced a new, built-in form of device management, known as Android for Work. New capabilities offered through Android for Work include:

  • Installation of Android apps that doesn't require user involvement;
  • Remote app configuration;
  • A secure container for managed apps; and
  • Better insulation of managed apps from malicious apps that may exist outside the container.

Android for Work capabilities require an EMM product that interfaces with a Device Policy Client. Enterprises that want to use Android for Work must first complete a domain registration process with Google, configure a profile and add users to the registered domain to apply the profile to managed devices.

Although Android for Work is built into Android 5.0, it can also run on Android 4 devices that install Google's Android for Work app.

Next Steps

Here's everything you need to know about managing Android devices

Get to know Android for Work features

What you should look for in a Mobile device management system

Dig Deeper on EMM tools | Enterprise mobility management technology