The Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) arena is an exciting technology field with rapid innovation across a wide breadth of platforms. On February 9th we announced the launch of a host of new Systems Manager (SM) features and functionality for these platforms, and as part of this release SM now supports Android for Work.
This provides a major boost to the manageability of Android devices as it makes it much simpler for employees to use their own device for work. It does this without ceding the user’s control of their personal device, while allowing the organization to ensure appropriate security.
An example of one of the areas where functionality has been significantly extended over existing Android controls, is in the area of restrictions. There are now three new categories of Android restrictions available in SM, in addition to the previously available ones.
Keyguard restrictions help secure an Android device when it is locked. Although you may be confident your data’s security when the device is locked, information could still leak out without the correct keyguard settings, for example a notification that displays the content of an SMS even when the device is locked. With keyguard restrictions you can now disable any or all of the following items:
- Unredacted notifications
- Fingerprint access
- Trust agents
- All keyguard features
In addition to keyguard controls, an administrator can now also apply restrictions to other system areas. One brilliant addition is the ability to prevent users from installing applications from unknown sources. With the prevalence of malware and other dangerous apps in the Android ecosystems, allowing users to turn off this safety net is often not desirable. This control lets the administrator decide. The complete list of system restrictions we are announcing in this launch is:
- Prevent Android Debug Bridge (ADB) access
- Prevent installation of apps from unknown sources
- Prevent uninstalling of apps
- Prevent app control
- Enforce application verification
- Disable SMS
- Disable keyguard
- Disable screen capture
- Disable volume adjustment
- Disable factory reset
Along with the new restrictions, there is now containerization with separate Google Play stores for personal and work apps. This allows separate instances of identical applications to be isolated within the appropriate personal or work container. For example you can have two instances of Gmail with one configured for personal use and the other configured for IMAP access to a corporate mail server.
Administrators can now be confident in the knowledge that corporate data can be erased with the removal of the work app from a device, and users will be reassured that their personal data won’t be affected. A complete wipe of the work profile removes all the contained applications and data meaning off boarding employee devices is straightforward and secure.
Android for Work and the other new features included as part of this launch are available today. If you are a Systems Manager Legacy customer interested in these new capabilities, then you will need to upgrade to the full version. This includes a wealth of features on top of those mentioned in this post, with further information available on the Systems Manager licensing page.
More information can be found on our documentation portal, with upcoming Systems Manager webinars highlighting these features. Alternatively contact us to begin a no risk trial and we will help get you up and running.