The Most Important Android Enterprise Features for Supply Chain – Series 2
In my last post, Getting Started With Android Enterprise in Supply Chain – Series 1, we talked about a couple tools you need to understand before jumping into Android Enterprise. Now that we’ve got that sorted out, let’s talk about the features. Not all of the features, but the ones that are going to really matter in supply chain.
Android Enterprise’s main draws for supply chain are its unified management of all device types, simplified device provisioning, built-in security, and granular application management.
How many types of devices do you have in your environment? From how many manufacturers? With how many purposes? In the past, just having devices from different manufacturers would mean having different provisioning workflows, different agents, different software packages, and sometimes even different management platforms for each. Android Enterprise is a way to manage all devices running Android. All of them. You can use the same management tool for worker devices, corporate devices, front-of-store devices, and backend warehouse devices.
The basis of Android Enterprise is its common APIs. Having everyone use the same APIs leads to one tool working for all devices, like we talked about, but it also means equality. Manufacturers and software developers don’t have to spend time reinventing the wheel every time there is a new Android version or device release. For the big names in the field, this means they can spend that time innovating around new features instead of reimplementing old ones. For the newer or smaller names, this means they actually stand a chance against the big names. Product quality and pricing is going to improve across the board, as well as the cadence of updates and releases.
Getting a device out of the box and into a worker’s hand quickly is top priority in the warehouse. Android Enterprise offers a few convenient ways to provision devices, but it’s not a perfect process. Provisioning flows are different for each management mode, with the most important difference being that fully managed and dedicated devices must be factory reset. Android Enterprise devices cannot be completely provisioned remotely. You will have to touch them.
Despite this drawback, provisioning does not have to be a long, painful process. There will be more upfront work with the reset, but with device-to-device replication and simultaneous provisioning you can set up an entire fleet as quickly as you can move. That fleet of devices doesn’t have to be a single type of device either. Android Enterprise’s efforts to provide a unified management approach mean that you can have one provisioning process for all of your devices, regardless of their manufacturer. Different EMMs may offer different methods—such as apps, QR codes, NFC bump, and account based provisioning—but overall, the offerings will be fairly consistent.
Let’s be honest, supply chain hasn’t always valued security over ease. We like to “set it and forget it.” We avoid updating if it might affect our uptime, and we sometimes use hacked solutions to make things work the way we want. Security theater is pervasive in our field. Well, Android Enterprise is going to make security a priority, whether you want it to be or not. Luckily, Google does most of the work and you just need to do a little planning.
When you create an enterprise, you get a version of the Google Play store that is unique to your specific enterprise. All of the apps that go on your enterprise devices come from there. This means that everything on your devices automatically goes through Google’s Play Protect system and is thoroughly checked for malware and vulnerabilities. This plus Android’s built-in application sandboxing and automatic data encryption means that company data on mobile devices has never been more secure.
However, if you have a custom app, you can no longer sideload it unless you validate it with Google. They require everything to be scanned by Play Protect. Yes, this adds a few more steps than we are used to, but it keeps your devices and data secure. Hacked together apps introduce risk into your environment. Requiring all apps, even yours, to meet these security standards raises the quality of the apps themselves and protects you in the end.
Using Android Enterprise also puts your devices and apps on Google’s update schedule. System, security, and app updates are going to be coming out more frequently with Android Enterprise, and they can no longer be delayed indefinitely. You can still create update windows and delay big updates for a few months, but you will be required to let them through within 90 days.
Granular application management is really where Android Enterprise started and is one of its strongest features. Android Enterprise introduced managed configurations as a new way to customize software deployments. When a developer creates an app, they can use Google Play APIs to specify managed configuration options. Then when you distribute that app through your EMM, you can customize those settings.
Now, the important part here is that those managed configurations are linked to the app APK itself. This condenses the software distribution process and makes it very manageable and flexible. You will have fewer software packages to keep track of, the ability to quickly switch configurations on an app without redeploying it, a centralized configuration location within the app deployment itself, and low-risk testing and validation.
Some device manufacturers have taken managed configurations one step further, creating OEM configuration apps. These apps enable you to configure device level management settings with managed configurations. You don’t need special utilities or tools to configure manufacturer specific settings and functions anymore. All of those critical settings have been moved into these apps that you can configure and deploy completely remotely from a single EMM.
Coming up next
In my next post in this series, I will go over some changes to your environment that will come with Android Enterprise.